From f67d8f747b71505a32d99f601d059a45d4968ba1 Mon Sep 17 00:00:00 2001 From: HVSharma12 Date: Wed, 11 Mar 2026 19:40:58 +0530 Subject: [PATCH 1/5] feat: Add openSUSE Leap vars --- vars/openSUSE Leap_15.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 vars/openSUSE Leap_15.yml diff --git a/vars/openSUSE Leap_15.yml b/vars/openSUSE Leap_15.yml new file mode 100644 index 00000000..aa0718b4 --- /dev/null +++ b/vars/openSUSE Leap_15.yml @@ -0,0 +1,12 @@ +# SPDX-License-Identifier: MIT +--- +# openSUSE Leap 15.x specific values. +# Leap 15.x uses python311 as the ansible interpreter since +# ansible-core 2.18+ requires Python 3.8+ and system python3 is 3.6. + +__certificate_default_directory: /etc/ssl + +__certificate_packages: + - python311-cryptography + - python311-dbus-python + - python3-pyasn1 From fec774a1a41a0189a544cffbc57ace56c431f90d Mon Sep 17 00:00:00 2001 From: HVSharma12 Date: Thu, 12 Mar 2026 15:36:45 +0530 Subject: [PATCH 2/5] add leap to ci --- meta/main.yml | 1 + tests/tests_basic_ipa.yml | 11 ++++--- tests/tests_basic_self_signed.yml | 10 ++++-- tests/tests_dns_ip_email.yml | 10 ++++-- tests/tests_fs_attrs.yml | 33 ++++++++++++++----- tests/tests_key_size.yml | 4 +-- tests/tests_key_size_reissue.yml | 8 ++--- ...tests_key_usage_and_extended_key_usage.yml | 10 ++++-- tests/tests_many_self_signed.yml | 12 +++---- tests/tests_no_auto_renew.yml | 14 +++++--- tests/tests_not_wait_for_cert.yml | 10 ++++-- tests/tests_principal.yml | 11 +++++-- tests/tests_provider.yml | 10 ++++-- tests/tests_run_hooks.yml | 10 ++++-- tests/tests_subject.yml | 10 ++++-- tests/tests_subject_complex.yml | 10 ++++-- vars/SLES_15.yml | 6 ++-- vars/SLES_16.yml | 10 ------ vars/SLES_SAP_15.yml | 6 ++-- vars/SLES_SAP_16.yml | 10 ------ vars/Suse.yml | 10 ++++++ vars/openSUSE Leap_15.yml | 2 +- 22 files changed, 143 insertions(+), 75 deletions(-) delete mode 100644 vars/SLES_16.yml delete mode 100644 vars/SLES_SAP_16.yml create mode 100644 vars/Suse.yml 
diff --git a/meta/main.yml b/meta/main.yml index f660b4a0..5e61cd94 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -27,6 +27,7 @@ galaxy_info: - fedora - redhat - rhel + - leap - ssl - system - tls diff --git a/tests/tests_basic_ipa.yml b/tests/tests_basic_ipa.yml index a0c1c7b7..2d2a9f76 100644 --- a/tests/tests_basic_ipa.yml +++ b/tests/tests_basic_ipa.yml @@ -20,7 +20,8 @@ - name: Skip if not supported meta: end_host - when: __ostree_booted_stat.stat.exists + when: __ostree_booted_stat.stat.exists or + ansible_facts['os_family'] == 'Suse' - name: Setup IPA import_tasks: tasks/setup_ipa.yml @@ -48,8 +49,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_basic_ipa.crt - key_path: /etc/pki/tls/private/mycert_basic_ipa.key + - path: "{{ __certificate_default_directory }}/certs/mycert_basic_ipa.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_basic_ipa.key" subject: - name: commonName oid: 2.5.4.3 @@ -73,8 +74,8 @@ - key_encipherment - data_encipherment - - path: /etc/pki/tls/certs/groupcert.crt - key_path: /etc/pki/tls/private/groupcert.key + - path: "{{ __certificate_default_directory }}/certs/groupcert.crt" + key_path: "{{ __certificate_default_directory }}/private/groupcert.key" owner: root group: ftp mode: "0640" diff --git a/tests/tests_basic_self_signed.yml b/tests/tests_basic_self_signed.yml index 489cac9b..ed4004d7 100644 --- a/tests/tests_basic_self_signed.yml +++ b/tests/tests_basic_self_signed.yml @@ -1,6 +1,12 @@ --- - name: Issue simple self-signed certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificate_requests: 
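Review bot: In tests/tests_basic_ipa.yml the expected `path` and `key_path` are now built from `__certificate_default_directory`, the role's own private variable, so the assertion can no longer catch the role writing a certificate or private key to the wrong directory. A value owned by the test would keep the check independent, e.g. `__test_cert_dir: "{{ '/etc/ssl' if ansible_facts['os_family'] == 'Suse' else '/etc/pki/tls' }}"`, assuming the other supported platforms keep `/etc/pki/tls`. The first hunk of this file already ends the host on Suse, so the templated path only ever resolves to the non-Suse directory here. The same substitution is made in the other tests/tests_*.yml hunks of this patch.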
@@ -14,8 +20,8 @@ hosts: all vars: certificates: - - path: /etc/pki/tls/certs/mycert_basic_self_signed.crt - key_path: /etc/pki/tls/private/mycert_basic_self_signed.key + - path: "{{ __certificate_default_directory }}/certs/mycert_basic_self_signed.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_basic_self_signed.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_dns_ip_email.yml b/tests/tests_dns_ip_email.yml index bba01d29..3f72ae24 100644 --- a/tests/tests_dns_ip_email.yml +++ b/tests/tests_dns_ip_email.yml @@ -1,6 +1,12 @@ --- - name: Issue certificate with dns, ip and email in SAN hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificate_requests: - name: mycert_dns_ip_email @@ -25,8 +31,8 @@ hosts: all vars: certificates: - - path: /etc/pki/tls/certs/mycert_dns_ip_email.crt - key_path: /etc/pki/tls/private/mycert_dns_ip_email.key + - path: "{{ __certificate_default_directory }}/certs/mycert_dns_ip_email.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_dns_ip_email.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_fs_attrs.yml b/tests/tests_fs_attrs.yml index ad8be936..4704a701 100644 --- a/tests/tests_fs_attrs.yml +++ b/tests/tests_fs_attrs.yml @@ -2,6 +2,23 @@ - name: Ensure UID and GID exists hosts: all tasks: + - name: Ensure ftp group exists + group: + name: ftp + system: true + when: + - not __bootc_validation | d(false) + - ansible_facts['os_family'] == 'Suse' + + - name: Ensure ftp user exists + user: + name: ftp + group: ftp + system: true + when: + - not __bootc_validation | d(false) + - ansible_facts['os_family'] == 'Suse' + - name: Ensure user exists user: name: user1 
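Review bot: The new `Ensure ftp user exists` task in tests/tests_fs_attrs.yml sets only `name`, `group` and `system`, so the account's shell and home directory come from the host's useradd defaults. The account exists only to own test certificates, so I would pin `shell: /sbin/nologin` and `create_home: false` (nologin path to be confirmed on SUSE). Both new tasks repeat the same two-item `when`; wrapping them in a `block` with a single `when` would state the condition once. The task list continues outside the hunk.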
@@ -38,8 +55,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_fs_attrs.crt - key_path: /etc/pki/tls/private/mycert_fs_attrs.key + - path: "{{ __certificate_default_directory }}/certs/mycert_fs_attrs.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_fs_attrs.key" subject: - name: commonName oid: 2.5.4.3 @@ -50,8 +67,8 @@ owner: ftp group: ftp mode: "0640" - - path: /etc/pki/tls/certs/certid.crt - key_path: /etc/pki/tls/private/certid.key + - path: "{{ __certificate_default_directory }}/certs/certid.crt" + key_path: "{{ __certificate_default_directory }}/private/certid.key" subject: - name: commonName oid: 2.5.4.3 @@ -96,8 +113,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_fs_attrs_mode.crt - key_path: /etc/pki/tls/private/mycert_fs_attrs_mode.key + - path: "{{ __certificate_default_directory }}/certs/mycert_fs_attrs_mode.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_fs_attrs_mode.key" subject: - name: commonName oid: 2.5.4.3 @@ -108,8 +125,8 @@ owner: ftp group: ftp mode: "0620" - - path: /etc/pki/tls/certs/certid_mode.crt - key_path: /etc/pki/tls/private/certid_mode.key + - path: "{{ __certificate_default_directory }}/certs/certid_mode.crt" + key_path: "{{ __certificate_default_directory }}/private/certid_mode.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_key_size.yml b/tests/tests_key_size.yml index 14d2e6cd..f0cb7a99 100644 --- a/tests/tests_key_size.yml +++ b/tests/tests_key_size.yml @@ -21,8 +21,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_key_size.crt - key_path: /etc/pki/tls/private/mycert_key_size.key + - path: "{{ __certificate_default_directory }}/certs/mycert_key_size.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_key_size.key" subject: - name: commonName oid: 2.5.4.3 
diff --git a/tests/tests_key_size_reissue.yml b/tests/tests_key_size_reissue.yml index 9e243ba8..f52181b1 100644 --- a/tests/tests_key_size_reissue.yml +++ b/tests/tests_key_size_reissue.yml @@ -23,8 +23,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_key_size.crt - key_path: /etc/pki/tls/private/mycert_key_size.key + - path: "{{ __certificate_default_directory }}/certs/mycert_key_size.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_key_size.key" subject: - name: commonName oid: 2.5.4.3 @@ -73,8 +73,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_key_size.crt - key_path: /etc/pki/tls/private/mycert_key_size.key + - path: "{{ __certificate_default_directory }}/certs/mycert_key_size.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_key_size.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_key_usage_and_extended_key_usage.yml b/tests/tests_key_usage_and_extended_key_usage.yml index 2056a1d4..c624bfab 100644 --- a/tests/tests_key_usage_and_extended_key_usage.yml +++ b/tests/tests_key_usage_and_extended_key_usage.yml @@ -1,6 +1,12 @@ --- - name: Issue simple self-signed certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificate_requests: @@ -23,9 +29,9 @@ hosts: all vars: certificates: - - path: /etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt + - path: "{{ __certificate_default_directory }}/certs/mycert_key_usage_and_extended_key_usage.crt" key_path: >- - /etc/pki/tls/private/mycert_key_usage_and_extended_key_usage.key + "{{ __certificate_default_directory }}/private/mycert_key_usage_and_extended_key_usage.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_many_self_signed.yml b/tests/tests_many_self_signed.yml index d9365593..ef3bf057 100644 
--- a/tests/tests_many_self_signed.yml +++ b/tests/tests_many_self_signed.yml @@ -33,8 +33,8 @@ loop_var: cert vars: certificates: - - path: /etc/pki/tls/certs/mycert_many_self_signed.crt - key_path: /etc/pki/tls/private/mycert_many_self_signed.key + - path: "{{ __certificate_default_directory }}/certs/mycert_many_self_signed.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_many_self_signed.key" subject: - name: commonName oid: 2.5.4.3 @@ -42,8 +42,8 @@ subject_alt_name: - name: DNS value: www.example.com - - path: /etc/pki/tls/certs/other-cert.crt - key_path: /etc/pki/tls/private/other-cert.key + - path: "{{ __certificate_default_directory }}/certs/other-cert.crt" + key_path: "{{ __certificate_default_directory }}/private/other-cert.key" subject: - name: commonName oid: 2.5.4.3 @@ -51,8 +51,8 @@ subject_alt_name: - name: DNS value: www.example.org - - path: /etc/pki/tls/certs/another-cert.crt - key_path: /etc/pki/tls/private/another-cert.key + - path: "{{ __certificate_default_directory }}/certs/another-cert.crt" + key_path: "{{ __certificate_default_directory }}/private/another-cert.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_no_auto_renew.yml b/tests/tests_no_auto_renew.yml index 66fa916c..0a056416 100644 --- a/tests/tests_no_auto_renew.yml +++ b/tests/tests_no_auto_renew.yml @@ -1,6 +1,12 @@ --- - name: Issue simple self-signed certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificate_requests: @@ -18,8 +24,8 @@ hosts: all vars: certificates: - - path: /etc/pki/tls/certs/mycert_no_auto_renew.crt - key_path: /etc/pki/tls/private/mycert_no_auto_renew.key + - path: "{{ __certificate_default_directory }}/certs/mycert_no_auto_renew.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_no_auto_renew.key" subject: - name: commonName oid: 2.5.4.3 
@@ -28,8 +34,8 @@ - name: DNS value: www.example.com auto_renew: false - - path: /etc/pki/tls/certs/defaultcert.crt - key_path: /etc/pki/tls/private/defaultcert.key + - path: "{{ __certificate_default_directory }}/certs/defaultcert.crt" + key_path: "{{ __certificate_default_directory }}/private/defaultcert.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_not_wait_for_cert.yml b/tests/tests_not_wait_for_cert.yml index ba6c8e65..b9779eeb 100644 --- a/tests/tests_not_wait_for_cert.yml +++ b/tests/tests_not_wait_for_cert.yml @@ -1,6 +1,12 @@ --- - name: Issue simple self-signed certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificate_wait: false @@ -15,8 +21,8 @@ hosts: all vars: certificates: - - path: /etc/pki/tls/certs/mycert_not_wait_for_cert.crt - key_path: /etc/pki/tls/private/mycert_not_wait_for_cert.key + - path: "{{ __certificate_default_directory }}/certs/mycert_not_wait_for_cert.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_not_wait_for_cert.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_principal.yml b/tests/tests_principal.yml index 77dfa5cc..0cba1e9f 100644 --- a/tests/tests_principal.yml +++ b/tests/tests_principal.yml @@ -1,6 +1,12 @@ --- - name: Test issuing certificate with principal. hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificate_requests: - name: mycert_principal 
@@ -14,8 +20,8 @@ hosts: all vars: certificates: - - path: /etc/pki/tls/certs/mycert_principal.crt - key_path: /etc/pki/tls/private/mycert_principal.key + - path: "{{ __certificate_default_directory }}/certs/mycert_principal.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_principal.key" subject: - name: commonName oid: 2.5.4.3 @@ -36,7 +42,6 @@ loop_control: loop_var: cert - - name: Test issuing certificate with invalid principal. hosts: all vars: diff --git a/tests/tests_provider.yml b/tests/tests_provider.yml index 06164074..783b2516 100644 --- a/tests/tests_provider.yml +++ b/tests/tests_provider.yml @@ -1,6 +1,12 @@ --- - name: Test issuing certificate with certmonger provider hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificate_requests: - name: mycert_provider @@ -14,8 +20,8 @@ hosts: all vars: certificates: - - path: /etc/pki/tls/certs/mycert_provider.crt - key_path: /etc/pki/tls/private/mycert_provider.key + - path: "{{ __certificate_default_directory }}/certs/mycert_provider.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_provider.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_run_hooks.yml b/tests/tests_run_hooks.yml index b083bc85..0b4a7d6d 100644 --- a/tests/tests_run_hooks.yml +++ b/tests/tests_run_hooks.yml @@ -1,6 +1,12 @@ --- - name: Issue simple self-signed certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificate_requests: 
@@ -18,8 +24,8 @@ hosts: all vars: certificates: - - path: /etc/pki/tls/certs/mycert_run_hooks.crt - key_path: /etc/pki/tls/private/mycert_run_hooks.key + - path: "{{ __certificate_default_directory }}/certs/mycert_run_hooks.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_run_hooks.key" subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_subject.yml b/tests/tests_subject.yml index ff0974e2..14c7b5fe 100644 --- a/tests/tests_subject.yml +++ b/tests/tests_subject.yml @@ -1,6 +1,12 @@ --- - name: Issue simple self-signed certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificate_requests: @@ -20,8 +26,8 @@ hosts: all vars: certificates: - - path: /etc/pki/tls/certs/mycert_subject.crt - key_path: /etc/pki/tls/private/mycert_subject.key + - path: "{{ __certificate_default_directory }}/certs/mycert_subject.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_subject.key" subject: - name: countryName oid: 2.5.4.6 diff --git a/tests/tests_subject_complex.yml b/tests/tests_subject_complex.yml index 6e1ff53b..048dde7c 100644 --- a/tests/tests_subject_complex.yml +++ b/tests/tests_subject_complex.yml @@ -2,6 +2,12 @@ - name: Issue simple self-signed certificate hosts: all become: true + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificate_requests: @@ -19,8 +25,8 @@ gather_facts: true vars: certificates: - - path: /etc/pki/tls/certs/mycert_subject_complex.crt - key_path: /etc/pki/tls/private/mycert_subject_complex.key + - path: "{{ __certificate_default_directory }}/certs/mycert_subject_complex.crt" + key_path: "{{ __certificate_default_directory }}/private/mycert_subject_complex.key" subject: - name: emailAddress oid: 1.2.840.113549.1.9.1 
diff --git a/vars/SLES_15.yml b/vars/SLES_15.yml index 7108b11a..6d63413f 100644 --- a/vars/SLES_15.yml +++ b/vars/SLES_15.yml @@ -5,6 +5,6 @@ __certificate_default_directory: /etc/ssl __certificate_packages: - - python3-cryptography - - python3-dbus-python - - python3-pyasn1 + - python311-cryptography + - python311-dbus-python + - python311-pyasn1 diff --git a/vars/SLES_16.yml b/vars/SLES_16.yml deleted file mode 100644 index 291c6668..00000000 --- a/vars/SLES_16.yml +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with SLES_16 specific values. - -__certificate_default_directory: /etc/ssl - -__certificate_packages: - - python313-cryptography - - python313-dbus-python - - python313-pyasn1 diff --git a/vars/SLES_SAP_15.yml b/vars/SLES_SAP_15.yml index fdec70b9..95009495 100644 --- a/vars/SLES_SAP_15.yml +++ b/vars/SLES_SAP_15.yml @@ -5,6 +5,6 @@ __certificate_default_directory: /etc/ssl __certificate_packages: - - python3-cryptography - - python3-dbus-python - - python3-pyasn1 + - python311-cryptography + - python311-dbus-python + - python311-pyasn1 diff --git a/vars/SLES_SAP_16.yml b/vars/SLES_SAP_16.yml deleted file mode 100644 index e163cfe0..00000000 --- a/vars/SLES_SAP_16.yml +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-License-Identifier: MIT ---- -# Put internal variables here with SLES_SAP_16 specific values. - -__certificate_default_directory: /etc/ssl - -__certificate_packages: - - python313-cryptography - - python313-dbus-python - - python313-pyasn1 diff --git a/vars/Suse.yml b/vars/Suse.yml new file mode 100644 index 00000000..ae72360a --- /dev/null +++ b/vars/Suse.yml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: MIT +--- +# SUSE os_family specific values. + +__certificate_default_directory: /etc/ssl + +__certificate_packages: + - python3-cryptography + - python3-dbus-python + - python3-pyasn1 diff --git a/vars/openSUSE Leap_15.yml b/vars/openSUSE Leap_15.yml index aa0718b4..af13bd50 100644 
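Review bot: vars/SLES_15.yml and vars/SLES_SAP_15.yml now install `python311-*` packages, which are importable only when Ansible runs its modules under Python 3.11 on the managed host, and neither file says so. vars/openSUSE Leap_15.yml from patch 1 documents that interpreter assumption in its header comment, and the same line belongs here, e.g. `# Requires the Ansible interpreter to be python3.11; the system python3 cannot import these packages.` As far as these lines show, hosts still managed with the system python3 would lose the cryptography bindings after this change.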
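Review bot: With vars/SLES_16.yml and vars/SLES_SAP_16.yml deleted, SLES 16 hosts presumably fall back to the new vars/Suse.yml, which requests `python3-cryptography`, `python3-dbus-python` and `python3-pyasn1` instead of the `python313-*` names used before. Nothing on this page shows that the `python3-*` names resolve to the Python 3.13 builds there, so this should be confirmed on a SLES 16 host before merging. The header comment could record the intent, e.g. `# Fallback for SUSE releases without a version-specific file; package names must match the interpreter Ansible uses.`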
--- a/vars/openSUSE Leap_15.yml +++ b/vars/openSUSE Leap_15.yml @@ -9,4 +9,4 @@ __certificate_default_directory: /etc/ssl __certificate_packages: - python311-cryptography - python311-dbus-python - - python3-pyasn1 + - python311-pyasn1 From e62a040a991048454770e26253e6cb94e2a1af95 Mon Sep 17 00:00:00 2001 From: HVSharma12 Date: Thu, 12 Mar 2026 16:06:36 +0530 Subject: [PATCH 3/5] fix pretask --- tests/tests_basic_self_signed.yml | 13 ++++++------- tests/tests_dns_ip_email.yml | 12 ++++++------ tests/tests_key_usage_and_extended_key_usage.yml | 14 +++++++------- tests/tests_no_auto_renew.yml | 13 ++++++------- tests/tests_not_wait_for_cert.yml | 13 ++++++------- tests/tests_principal.yml | 12 ++++++------ tests/tests_provider.yml | 12 ++++++------ tests/tests_run_hooks.yml | 13 ++++++------- tests/tests_subject.yml | 13 ++++++------- tests/tests_subject_complex.yml | 13 ++++++------- 10 files changed, 61 insertions(+), 67 deletions(-) diff --git a/tests/tests_basic_self_signed.yml b/tests/tests_basic_self_signed.yml index ed4004d7..d47255aa 100644 --- a/tests/tests_basic_self_signed.yml +++ b/tests/tests_basic_self_signed.yml @@ -1,13 +1,6 @@ --- - name: Issue simple self-signed certificate hosts: all - pre_tasks: - - name: Load certificate role platform variables - include_role: - name: linux-system-roles.certificate - tasks_from: set_vars.yml - public: true - vars: certificate_requests: - name: mycert_basic_self_signed @@ -18,6 +11,12 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - path: "{{ __certificate_default_directory }}/certs/mycert_basic_self_signed.crt" diff --git a/tests/tests_dns_ip_email.yml b/tests/tests_dns_ip_email.yml index 3f72ae24..46af425c 100644 --- a/tests/tests_dns_ip_email.yml +++ b/tests/tests_dns_ip_email.yml 
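Review bot: The six-line `Load certificate role platform variables` pre-task is pasted into the `Verify certificate` play of ten test files in this patch, each one naming the role's internal `set_vars.yml`. A single shared task file next to `tasks/assert_certificate_parameters.yml`, included by each play, would leave one place to edit if that file is renamed. `public: true` also exports the role's variables to the rest of the play; a comment such as `# public: true so __certificate_default_directory is visible to the verify tasks` would record why it is needed.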
@@ -1,12 +1,6 @@ --- - name: Issue certificate with dns, ip and email in SAN hosts: all - pre_tasks: - - name: Load certificate role platform variables - include_role: - name: linux-system-roles.certificate - tasks_from: set_vars.yml - public: true vars: certificate_requests: - name: mycert_dns_ip_email @@ -29,6 +23,12 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - path: "{{ __certificate_default_directory }}/certs/mycert_dns_ip_email.crt" diff --git a/tests/tests_key_usage_and_extended_key_usage.yml b/tests/tests_key_usage_and_extended_key_usage.yml index c624bfab..0bf11494 100644 --- a/tests/tests_key_usage_and_extended_key_usage.yml +++ b/tests/tests_key_usage_and_extended_key_usage.yml @@ -2,12 +2,6 @@ - name: Issue simple self-signed certificate hosts: all pre_tasks: - - name: Load certificate role platform variables - include_role: - name: linux-system-roles.certificate - tasks_from: set_vars.yml - public: true - vars: certificate_requests: - name: mycert_key_usage_and_extended_key_usage @@ -27,11 +21,17 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - path: "{{ __certificate_default_directory }}/certs/mycert_key_usage_and_extended_key_usage.crt" key_path: >- - "{{ __certificate_default_directory }}/private/mycert_key_usage_and_extended_key_usage.key" + {{ __certificate_default_directory }}/private/mycert_key_usage_and_extended_key_usage.key subject: - name: commonName oid: 2.5.4.3 diff --git a/tests/tests_no_auto_renew.yml b/tests/tests_no_auto_renew.yml index 0a056416..db1a917b 100644 --- a/tests/tests_no_auto_renew.yml +++ b/tests/tests_no_auto_renew.yml 
@@ -1,13 +1,6 @@ --- - name: Issue simple self-signed certificate hosts: all - pre_tasks: - - name: Load certificate role platform variables - include_role: - name: linux-system-roles.certificate - tasks_from: set_vars.yml - public: true - vars: certificate_requests: - name: mycert_no_auto_renew @@ -21,6 +14,12 @@ - linux-system-roles.certificate - name: Verify certificate + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true hosts: all vars: certificates: diff --git a/tests/tests_not_wait_for_cert.yml b/tests/tests_not_wait_for_cert.yml index b9779eeb..b74f2b40 100644 --- a/tests/tests_not_wait_for_cert.yml +++ b/tests/tests_not_wait_for_cert.yml @@ -1,13 +1,6 @@ --- - name: Issue simple self-signed certificate hosts: all - pre_tasks: - - name: Load certificate role platform variables - include_role: - name: linux-system-roles.certificate - tasks_from: set_vars.yml - public: true - vars: certificate_wait: false certificate_requests: @@ -19,6 +12,12 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - path: "{{ __certificate_default_directory }}/certs/mycert_not_wait_for_cert.crt" diff --git a/tests/tests_principal.yml b/tests/tests_principal.yml index 0cba1e9f..f0abea2f 100644 --- a/tests/tests_principal.yml +++ b/tests/tests_principal.yml @@ -1,12 +1,6 @@ --- - name: Test issuing certificate with principal. hosts: all - pre_tasks: - - name: Load certificate role platform variables - include_role: - name: linux-system-roles.certificate - tasks_from: set_vars.yml - public: true vars: certificate_requests: - name: mycert_principal 
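Review bot: In tests/tests_no_auto_renew.yml the `pre_tasks` block is inserted between the play's `name` and `hosts: all`, whereas the other files in this patch place it after `hosts: all`. It parses the same, but keeping `hosts: all` directly under `- name: Verify certificate` and adding `pre_tasks` after it would keep the plays uniform across the test suite.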
@@ -18,6 +12,12 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - path: "{{ __certificate_default_directory }}/certs/mycert_principal.crt" diff --git a/tests/tests_provider.yml b/tests/tests_provider.yml index 783b2516..426c6c5b 100644 --- a/tests/tests_provider.yml +++ b/tests/tests_provider.yml @@ -1,12 +1,6 @@ --- - name: Test issuing certificate with certmonger provider hosts: all - pre_tasks: - - name: Load certificate role platform variables - include_role: - name: linux-system-roles.certificate - tasks_from: set_vars.yml - public: true vars: certificate_requests: - name: mycert_provider @@ -18,6 +12,12 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - path: "{{ __certificate_default_directory }}/certs/mycert_provider.crt" diff --git a/tests/tests_run_hooks.yml b/tests/tests_run_hooks.yml index 0b4a7d6d..d3ee739d 100644 --- a/tests/tests_run_hooks.yml +++ b/tests/tests_run_hooks.yml @@ -1,13 +1,6 @@ --- - name: Issue simple self-signed certificate hosts: all - pre_tasks: - - name: Load certificate role platform variables - include_role: - name: linux-system-roles.certificate - tasks_from: set_vars.yml - public: true - vars: certificate_requests: - name: mycert_run_hooks @@ -22,6 +15,12 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - path: "{{ __certificate_default_directory }}/certs/mycert_run_hooks.crt" diff --git a/tests/tests_subject.yml b/tests/tests_subject.yml index 14c7b5fe..0a8bacfc 100644 --- a/tests/tests_subject.yml 
+++ b/tests/tests_subject.yml @@ -1,13 +1,6 @@ --- - name: Issue simple self-signed certificate hosts: all - pre_tasks: - - name: Load certificate role platform variables - include_role: - name: linux-system-roles.certificate - tasks_from: set_vars.yml - public: true - vars: certificate_requests: - name: mycert_subject @@ -24,6 +17,12 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true vars: certificates: - path: "{{ __certificate_default_directory }}/certs/mycert_subject.crt" diff --git a/tests/tests_subject_complex.yml b/tests/tests_subject_complex.yml index 048dde7c..165f9dc6 100644 --- a/tests/tests_subject_complex.yml +++ b/tests/tests_subject_complex.yml @@ -2,13 +2,6 @@ - name: Issue simple self-signed certificate hosts: all become: true - pre_tasks: - - name: Load certificate role platform variables - include_role: - name: linux-system-roles.certificate - tasks_from: set_vars.yml - public: true - vars: certificate_requests: - name: mycert_subject_complex @@ -21,6 +14,12 @@ - name: Verify certificate hosts: all + pre_tasks: + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true become: true gather_facts: true vars: From f39903a8132033fe8e2d7218a7af6fba1f083c07 Mon Sep 17 00:00:00 2001 From: HVSharma12 Date: Fri, 13 Mar 2026 04:14:21 +0530 Subject: [PATCH 4/5] fix load platform vars before verify --- tests/tests_fs_attrs.yml | 6 ++++++ tests/tests_key_size.yml | 7 +++++++ tests/tests_key_size_reissue.yml | 7 +++++++ tests/tests_key_usage_and_extended_key_usage.yml | 1 - tests/tests_many_self_signed.yml | 6 ++++++ 5 files changed, 26 insertions(+), 1 deletion(-) diff --git a/tests/tests_fs_attrs.yml b/tests/tests_fs_attrs.yml index 4704a701..580525f1 100644 --- a/tests/tests_fs_attrs.yml +++ b/tests/tests_fs_attrs.yml 
@@ -48,6 +48,12 @@ ca: self-sign when: not __bootc_validation | d(false) + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true + - name: Verify each user/group certificate include_tasks: tasks/assert_certificate_parameters.yml loop: "{{ certificates }}" diff --git a/tests/tests_key_size.yml b/tests/tests_key_size.yml index f0cb7a99..e302e4ed 100644 --- a/tests/tests_key_size.yml +++ b/tests/tests_key_size.yml @@ -14,6 +14,13 @@ dns: www.example.com ca: self-sign key_size: 1024 + + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true + - name: Verify each certificate include_tasks: tasks/assert_certificate_parameters.yml loop: "{{ certificates }}" diff --git a/tests/tests_key_size_reissue.yml b/tests/tests_key_size_reissue.yml index f52181b1..28965b4a 100644 --- a/tests/tests_key_size_reissue.yml +++ b/tests/tests_key_size_reissue.yml @@ -16,6 +16,13 @@ dns: www.example.com ca: self-sign key_size: 4096 + + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true + - name: Verify each certificate include_tasks: tasks/assert_certificate_parameters.yml loop: "{{ certificates }}" diff --git a/tests/tests_key_usage_and_extended_key_usage.yml b/tests/tests_key_usage_and_extended_key_usage.yml index 0bf11494..2ebc16b9 100644 --- a/tests/tests_key_usage_and_extended_key_usage.yml +++ b/tests/tests_key_usage_and_extended_key_usage.yml @@ -1,7 +1,6 @@ --- - name: Issue simple self-signed certificate hosts: all - pre_tasks: vars: certificate_requests: - name: mycert_key_usage_and_extended_key_usage diff --git a/tests/tests_many_self_signed.yml b/tests/tests_many_self_signed.yml index ef3bf057..6dd2f92a 100644 --- a/tests/tests_many_self_signed.yml +++ b/tests/tests_many_self_signed.yml 
@@ -26,6 +26,12 @@ changed_when: true when: ansible_connection == "buildah" + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true + - name: Verify each certificate include_tasks: tasks/assert_certificate_parameters.yml loop: "{{ certificates }}" From 1e6722862ccb85fd052d5da9e253364d84945b0b Mon Sep 17 00:00:00 2001 From: HVSharma12 Date: Fri, 13 Mar 2026 17:38:50 +0530 Subject: [PATCH 5/5] fix var undefined issue in tests_basic_ipa.yml --- tests/tests_basic_ipa.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/tests_basic_ipa.yml b/tests/tests_basic_ipa.yml index 2d2a9f76..0a85049b 100644 --- a/tests/tests_basic_ipa.yml +++ b/tests/tests_basic_ipa.yml @@ -42,6 +42,12 @@ ca: ipa group: ftp + - name: Load certificate role platform variables + include_role: + name: linux-system-roles.certificate + tasks_from: set_vars.yml + public: true + - name: Verify certificates include_tasks: tasks/assert_certificate_parameters.yml loop: "{{ certificates }}"