diff --git a/meta/main.yml b/meta/main.yml index f660b4a0..5e61cd94 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -27,6 +27,7 @@ galaxy_info: - fedora - redhat - rhel + - leap - ssl - system - tls diff --git a/tests/tests_basic_ipa.yml b/tests/tests_basic_ipa.yml index a0c1c7b7..0a85049b 100644 --- a/tests/tests_basic_ipa.yml +++ b/tests/tests_basic_ipa.yml @@ -20,7 +20,8 @@ - name: Skip if not supported meta: end_host - when: __ostree_booted_stat.stat.exists + when: __ostree_booted_stat.stat.exists or + ansible_facts['os_family'] == 'Suse' - name: Setup IPA import_tasks: tasks/setup_ipa.yml @@ -41,6 +42,12 @@ ca: ipa group: ftp + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true + - name: Verify certificates include_tasks: tasks/assert_certificate_parameters.yml loop: "{{ certificates }}" @@ -48,8 +55,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_basic_ipa.crt - key_path: /etc/pki/tls/private/mycert_basic_ipa.key + - path: "{{ __certificate_default_directory }}/certs/mycert_basic_ipa.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_basic_ipa.key" subject: - name: commonName oid: 2.5.4.3 @@ -73,8 +80,8 @@ - key_encipherment - data_encipherment - - path: /etc/pki/tls/certs/groupcert.crt - key_path: /etc/pki/tls/private/groupcert.key + - path: "{{ __certificate_default_directory }}/certs/groupcert.crt" + key_path: "{{ __certificate_default_directory }}/private/groupcert.key" owner: root group: ftp mode: "0640" diff --git a/tests/tests_basic_self_signed.yml b/tests/tests_basic_self_signed.yml index 489cac9b..d47255aa 100644 --- a/tests/tests_basic_self_signed.yml +++ b/tests/tests_basic_self_signed.yml @@ -1,7 +1,6 @@ --- - name: Issue simple self-signed certificate hosts: all - vars: certificate_requests: - name: mycert_basic_self_signed 
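Review bot: The extended `when:` in tests_basic_ipa.yml now ends the play on every SUSE host, but nothing records why the IPA scenario is excluded there, so a reader hitting the skip cannot tell a packaging gap from an intentional scope limit. A one-line comment above the task naming the reason would help. The condition is also written as a two-line plain scalar, which folds correctly but reads oddly next to the single-line `when:` values elsewhere; `when: >-` with the two lines `__ostree_booted_stat.stat.exists or` and `ansible_facts['os_family'] == 'Suse'` beneath it makes the continuation explicit.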
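Review bot: The `Load certificate role platform variables` task added in tests_basic_ipa.yml is repeated verbatim in every other test playbook in this diff (tests_basic_self_signed, tests_dns_ip_email, tests_fs_attrs, tests_key_size, tests_key_size_reissue, tests_key_usage_and_extended_key_usage, tests_many_self_signed, tests_no_auto_renew, tests_not_wait_for_cert, tests_principal, tests_provider, tests_run_hooks, tests_subject, tests_subject_complex). Moving it into a shared file under tests/tasks/ and pulling it in with `include_tasks`, the pattern tasks/assert_certificate_parameters.yml already follows, would leave one place to change if set_vars.yml is renamed or grows parameters. `public: true` is what exports the role's vars into the play so the templated `certificates` paths resolve; a short comment such as `# public: true exposes __certificate_default_directory to the tasks below` would stop the include from looking like a no-op.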
@@ -12,10 +11,16 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - - path: /etc/pki/tls/certs/mycert_basic_self_signed.crt - key_path: /etc/pki/tls/private/mycert_basic_self_signed.key + - path: "{{ __certificate_default_directory }}/certs/mycert_basic_self_signed.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_basic_self_signed.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_dns_ip_email.yml b/tests/tests_dns_ip_email.yml index bba01d29..46af425c 100644 --- a/tests/tests_dns_ip_email.yml +++ b/tests/tests_dns_ip_email.yml @@ -23,10 +23,16 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - - path: /etc/pki/tls/certs/mycert_dns_ip_email.crt - key_path: /etc/pki/tls/private/mycert_dns_ip_email.key + - path: "{{ __certificate_default_directory }}/certs/mycert_dns_ip_email.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_dns_ip_email.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_fs_attrs.yml b/tests/tests_fs_attrs.yml index ad8be936..580525f1 100644 --- a/tests/tests_fs_attrs.yml +++ b/tests/tests_fs_attrs.yml @@ -2,6 +2,23 @@ - name: Ensure UID and GID exists hosts: all tasks: + - name: Ensure ftp group exists + group: + name: ftp + system: true + when: + - not __bootc_validation | d(false) + - ansible_facts['os_family'] == 'Suse' + + - name: Ensure ftp user exists + user: + name: ftp + group: ftp + system: true + when: + - not __bootc_validation | d(false) + - ansible_facts['os_family'] == 'Suse' + - name: Ensure user exists user: name: user1 
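Review bot: The `Ensure ftp user exists` task in tests_fs_attrs.yml creates the account with a home directory, because the user module creates one by default, although the account exists only so ownership of the test certificates can be checked. Adding `create_home: false` to the task keeps the fixture minimal and avoids leaving a stray home directory (presumably `/home/ftp`) on SUSE test hosts. The group and user tasks repeat the same two `when:` conditions; if more SUSE-only fixtures follow, a `block:` with a single `when:` would avoid the duplication. The enclosing play continues outside the hunk.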
@@ -31,6 +48,12 @@ ca: self-sign when: not __bootc_validation | d(false) + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true + - name: Verify each user/group certificate include_tasks: tasks/assert_certificate_parameters.yml loop: "{{ certificates }}" @@ -38,8 +61,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_fs_attrs.crt - key_path: /etc/pki/tls/private/mycert_fs_attrs.key + - path: "{{ __certificate_default_directory }}/certs/mycert_fs_attrs.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_fs_attrs.key" subject: - name: commonName oid: 2.5.4.3 @@ -50,8 +73,8 @@ owner: ftp group: ftp mode: "0640" - - path: /etc/pki/tls/certs/certid.crt - key_path: /etc/pki/tls/private/certid.key + - path: "{{ __certificate_default_directory }}/certs/certid.crt" + key_path: "{{ __certificate_default_directory }}/private/certid.key" subject: - name: commonName oid: 2.5.4.3 @@ -96,8 +119,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_fs_attrs_mode.crt - key_path: /etc/pki/tls/private/mycert_fs_attrs_mode.key + - path: "{{ __certificate_default_directory }}/certs/mycert_fs_attrs_mode.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_fs_attrs_mode.key" subject: - name: commonName oid: 2.5.4.3 @@ -108,8 +131,8 @@ owner: ftp group: ftp mode: "0620" - - path: /etc/pki/tls/certs/certid_mode.crt - key_path: /etc/pki/tls/private/certid_mode.key + - path: "{{ __certificate_default_directory }}/certs/certid_mode.crt" + key_path: "{{ __certificate_default_directory }}/private/certid_mode.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_key_size.yml b/tests/tests_key_size.yml index 14d2e6cd..e302e4ed 100644 --- a/tests/tests_key_size.yml +++ b/tests/tests_key_size.yml 
@@ -14,6 +14,13 @@ dns: www.example.com ca: self-sign key_size: 1024 + + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true + - name: Verify each certificate include_tasks: tasks/assert_certificate_parameters.yml loop: "{{ certificates }}" @@ -21,8 +28,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_key_size.crt - key_path: /etc/pki/tls/private/mycert_key_size.key + - path: "{{ __certificate_default_directory }}/certs/mycert_key_size.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_key_size.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_key_size_reissue.yml b/tests/tests_key_size_reissue.yml index 9e243ba8..28965b4a 100644 --- a/tests/tests_key_size_reissue.yml +++ b/tests/tests_key_size_reissue.yml @@ -16,6 +16,13 @@ dns: www.example.com ca: self-sign key_size: 4096 + + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true + - name: Verify each certificate include_tasks: tasks/assert_certificate_parameters.yml loop: "{{ certificates }}" @@ -23,8 +30,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_key_size.crt - key_path: /etc/pki/tls/private/mycert_key_size.key + - path: "{{ __certificate_default_directory }}/certs/mycert_key_size.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_key_size.key" subject: - name: commonName oid: 2.5.4.3 @@ -73,8 +80,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_key_size.crt - key_path: /etc/pki/tls/private/mycert_key_size.key + - path: "{{ __certificate_default_directory }}/certs/mycert_key_size.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_key_size.key" subject: - name: commonName oid: 2.5.4.3 
diff --git a/tests/tests_key_usage_and_extended_key_usage.yml b/tests/tests_key_usage_and_extended_key_usage.yml index 2056a1d4..2ebc16b9 100644 --- a/tests/tests_key_usage_and_extended_key_usage.yml +++ b/tests/tests_key_usage_and_extended_key_usage.yml @@ -1,7 +1,6 @@ --- - name: Issue simple self-signed certificate hosts: all - vars: certificate_requests: - name: mycert_key_usage_and_extended_key_usage @@ -21,11 +20,17 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - - path: /etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt + - path: "{{ __certificate_default_directory }}/certs/mycert_key_usage_and_extended_key_usage.crt" key_path: >- - /etc/pki/tls/private/mycert_key_usage_and_extended_key_usage.key + {{ __certificate_default_directory }}/private/mycert_key_usage_and_extended_key_usage.key subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_many_self_signed.yml b/tests/tests_many_self_signed.yml index d9365593..6dd2f92a 100644 --- a/tests/tests_many_self_signed.yml +++ b/tests/tests_many_self_signed.yml @@ -26,6 +26,12 @@ changed_when: true when: ansible_connection == "buildah" + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true + - name: Verify each certificate include_tasks: tasks/assert_certificate_parameters.yml loop: "{{ certificates }}" @@ -33,8 +39,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_many_self_signed.crt - key_path: /etc/pki/tls/private/mycert_many_self_signed.key + - path: "{{ __certificate_default_directory }}/certs/mycert_many_self_signed.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_many_self_signed.key" subject: - name: commonName oid: 2.5.4.3 
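Review bot: The new `path:` value in tests_key_usage_and_extended_key_usage.yml runs well past the usual 80-column limit once the Jinja prefix is added, while the adjacent `key_path:` keeps its folded scalar precisely to stay short, so the two entries now use different styles for the same kind of value. Writing `path: >-` with `{{ __certificate_default_directory }}/certs/mycert_key_usage_and_extended_key_usage.crt` on the following line matches `key_path:` and keeps yamllint's line-length check quiet. A block scalar whose body starts with `{{` is safe, since block scalar content is never parsed as a flow mapping.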
@@ -42,8 +48,8 @@ subject_alt_name: - name: DNS value: www.example.com - - path: /etc/pki/tls/certs/other-cert.crt - key_path: /etc/pki/tls/private/other-cert.key + - path: "{{ __certificate_default_directory }}/certs/other-cert.crt" + key_path: "{{ __certificate_default_directory }}/private/other-cert.key" subject: - name: commonName oid: 2.5.4.3 @@ -51,8 +57,8 @@ subject_alt_name: - name: DNS value: www.example.org - - path: /etc/pki/tls/certs/another-cert.crt - key_path: /etc/pki/tls/private/another-cert.key + - path: "{{ __certificate_default_directory }}/certs/another-cert.crt" + key_path: "{{ __certificate_default_directory }}/private/another-cert.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_no_auto_renew.yml b/tests/tests_no_auto_renew.yml index 66fa916c..db1a917b 100644 --- a/tests/tests_no_auto_renew.yml +++ b/tests/tests_no_auto_renew.yml @@ -1,7 +1,6 @@ --- - name: Issue simple self-signed certificate hosts: all - vars: certificate_requests: - name: mycert_no_auto_renew @@ -15,11 +14,17 @@ - linux-system-roles.certificate - name: Verify certificate + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true hosts: all vars: certificates: - - path: /etc/pki/tls/certs/mycert_no_auto_renew.crt - key_path: /etc/pki/tls/private/mycert_no_auto_renew.key + - path: "{{ __certificate_default_directory }}/certs/mycert_no_auto_renew.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_no_auto_renew.key" subject: - name: commonName oid: 2.5.4.3 @@ -28,8 +33,8 @@ - name: DNS value: www.example.com auto_renew: false - - path: /etc/pki/tls/certs/defaultcert.crt - key_path: /etc/pki/tls/private/defaultcert.key + - path: "{{ __certificate_default_directory }}/certs/defaultcert.crt" + key_path: "{{ __certificate_default_directory }}/private/defaultcert.key" subject: - name: commonName oid: 2.5.4.3 
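Review bot: In tests_no_auto_renew.yml the new `pre_tasks:` block is inserted between `- name: Verify certificate` and `hosts: all`, whereas every other playbook in this diff places it directly after `hosts:`; tests_subject_complex.yml likewise puts it ahead of `become:` and `gather_facts:`. Key order inside a play mapping does not change behaviour, but the inconsistent placement makes the files harder to scan and to diff against each other. Moving the block so that `hosts:` (and in tests_subject_complex.yml `become:` and `gather_facts:`) stay immediately under `name:` would align all fourteen files.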
diff --git a/tests/tests_not_wait_for_cert.yml b/tests/tests_not_wait_for_cert.yml index ba6c8e65..b74f2b40 100644 --- a/tests/tests_not_wait_for_cert.yml +++ b/tests/tests_not_wait_for_cert.yml @@ -1,7 +1,6 @@ --- - name: Issue simple self-signed certificate hosts: all - vars: certificate_wait: false certificate_requests: @@ -13,10 +12,16 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - - path: /etc/pki/tls/certs/mycert_not_wait_for_cert.crt - key_path: /etc/pki/tls/private/mycert_not_wait_for_cert.key + - path: "{{ __certificate_default_directory }}/certs/mycert_not_wait_for_cert.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_not_wait_for_cert.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_principal.yml b/tests/tests_principal.yml index 77dfa5cc..f0abea2f 100644 --- a/tests/tests_principal.yml +++ b/tests/tests_principal.yml @@ -12,10 +12,16 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - - path: /etc/pki/tls/certs/mycert_principal.crt - key_path: /etc/pki/tls/private/mycert_principal.key + - path: "{{ __certificate_default_directory }}/certs/mycert_principal.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_principal.key" subject: - name: commonName oid: 2.5.4.3 @@ -36,7 +42,6 @@ loop_control: loop_var: cert - - name: Test issuing certificate with invalid principal. hosts: all vars: diff --git a/tests/tests_provider.yml b/tests/tests_provider.yml index 06164074..426c6c5b 100644 --- a/tests/tests_provider.yml +++ b/tests/tests_provider.yml 
@@ -12,10 +12,16 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - - path: /etc/pki/tls/certs/mycert_provider.crt - key_path: /etc/pki/tls/private/mycert_provider.key + - path: "{{ __certificate_default_directory }}/certs/mycert_provider.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_provider.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_run_hooks.yml b/tests/tests_run_hooks.yml index b083bc85..d3ee739d 100644 --- a/tests/tests_run_hooks.yml +++ b/tests/tests_run_hooks.yml @@ -1,7 +1,6 @@ --- - name: Issue simple self-signed certificate hosts: all - vars: certificate_requests: - name: mycert_run_hooks @@ -16,10 +15,16 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - - path: /etc/pki/tls/certs/mycert_run_hooks.crt - key_path: /etc/pki/tls/private/mycert_run_hooks.key + - path: "{{ __certificate_default_directory }}/certs/mycert_run_hooks.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_run_hooks.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_subject.yml b/tests/tests_subject.yml index ff0974e2..0a8bacfc 100644 --- a/tests/tests_subject.yml +++ b/tests/tests_subject.yml @@ -1,7 +1,6 @@ --- - name: Issue simple self-signed certificate hosts: all - vars: certificate_requests: - name: mycert_subject 
@@ -18,10 +17,16 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - - path: /etc/pki/tls/certs/mycert_subject.crt - key_path: /etc/pki/tls/private/mycert_subject.key + - path: "{{ __certificate_default_directory }}/certs/mycert_subject.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_subject.key" subject: - name: countryName oid: 2.5.4.6 diff --git a/tests/tests_subject_complex.yml b/tests/tests_subject_complex.yml index 6e1ff53b..165f9dc6 100644 --- a/tests/tests_subject_complex.yml +++ b/tests/tests_subject_complex.yml @@ -2,7 +2,6 @@ - name: Issue simple self-signed certificate hosts: all become: true - vars: certificate_requests: - name: mycert_subject_complex @@ -15,12 +14,18 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true become: true gather_facts: true vars: certificates: - - path: /etc/pki/tls/certs/mycert_subject_complex.crt - key_path: /etc/pki/tls/private/mycert_subject_complex.key + - path: "{{ __certificate_default_directory }}/certs/mycert_subject_complex.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_subject_complex.key" subject: - name: emailAddress oid: 1.2.840.113549.1.9.1 diff --git a/vars/SLES_15.yml b/vars/SLES_15.yml index 7108b11a..6d63413f 100644 --- a/vars/SLES_15.yml +++ b/vars/SLES_15.yml @@ -5,6 +5,6 @@ __certificate_default_directory: /etc/ssl __certificate_packages: - - python3-cryptography - - python3-dbus-python - - python3-pyasn1 + - python311-cryptography + - python311-dbus-python + - python311-pyasn1 diff --git a/vars/SLES_16.yml b/vars/SLES_16.yml deleted file mode 100644 index 291c6668..00000000 --- a/vars/SLES_16.yml +++ /dev/null 
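Review bot: vars/SLES_15.yml switches `__certificate_packages` from `python3-*` to `python311-*` without saying why, while the new vars/openSUSE Leap_15.yml carries a comment tying python311 to the interpreter required by ansible-core 2.18+. The same coupling presumably applies to SLES 15 (and to vars/SLES_SAP_15.yml, changed identically below); a comment above `__certificate_packages:` such as `# Must match the python311 interpreter Ansible runs with on SLES 15; see openSUSE Leap_15.yml` would make it explicit. Installing the modules for a Python other than the one Ansible executes would presumably surface only at runtime, when the role's module imports them, so the dependency deserves to be documented where the package list lives.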
@@ -1,10 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with SLES_16 specific values. - -__certificate_default_directory: /etc/ssl - -__certificate_packages: - - python313-cryptography - - python313-dbus-python - - python313-pyasn1 diff --git a/vars/SLES_SAP_15.yml b/vars/SLES_SAP_15.yml index fdec70b9..95009495 100644 --- a/vars/SLES_SAP_15.yml +++ b/vars/SLES_SAP_15.yml @@ -5,6 +5,6 @@ __certificate_default_directory: /etc/ssl __certificate_packages: - - python3-cryptography - - python3-dbus-python - - python3-pyasn1 + - python311-cryptography + - python311-dbus-python + - python311-pyasn1 diff --git a/vars/SLES_SAP_16.yml b/vars/SLES_SAP_16.yml deleted file mode 100644 index e163cfe0..00000000 --- a/vars/SLES_SAP_16.yml +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with SLES_SAP_16 specific values. - -__certificate_default_directory: /etc/ssl - -__certificate_packages: - - python313-cryptography - - python313-dbus-python - - python313-pyasn1 diff --git a/vars/Suse.yml b/vars/Suse.yml new file mode 100644 index 00000000..ae72360a --- /dev/null +++ b/vars/Suse.yml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: MIT +--- +# SUSE os_family specific values. + +__certificate_default_directory: /etc/ssl + +__certificate_packages: + - python3-cryptography + - python3-dbus-python + - python3-pyasn1 diff --git a/vars/openSUSE Leap_15.yml b/vars/openSUSE Leap_15.yml new file mode 100644 index 00000000..af13bd50 --- /dev/null +++ b/vars/openSUSE Leap_15.yml @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: MIT +--- +# openSUSE Leap 15.x specific values. +# Leap 15.x uses python311 as the ansible interpreter since +# ansible-core 2.18+ requires Python 3.8+ and system python3 is 3.6. + +__certificate_default_directory: /etc/ssl + +__certificate_packages: + - python311-cryptography + - python311-dbus-python + - python311-pyasn1
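Review bot: With vars/SLES_16.yml and vars/SLES_SAP_16.yml deleted, SLES 16 hosts presumably fall through to the new vars/Suse.yml, which installs `python3-*` packages where the deleted files installed `python313-*`. That is only correct if the default `python3` on SLES 16 is the interpreter Ansible runs there; the diff does not show that, so the commit should state it, or keep an explicit `SLES_16.yml`, so the next interpreter bump on 16.x is not silently masked by the fallback. The header comment could also record the file's role, e.g. `# Fallback for any SUSE os_family release without a distribution/version-specific vars file.`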
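Review bot: The new file name `vars/openSUSE Leap_15.yml` contains a space, presumably because set_vars.yml builds the lookup name from `ansible_facts['distribution']`, which reports `openSUSE Leap`; that is consistent with the role's other vars files but is fragile for shell tooling and CI globs. The header comment should say the name is fact-derived and must not be normalised, e.g. `# File name intentionally matches ansible_facts['distribution'] ("openSUSE Leap"); do not rename.` The existing comment about python311 and ansible-core 2.18+ is useful and is exactly what vars/SLES_15.yml is missing.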