feat: Add openSUSE Leap vars

meta/main.yml

@@ -27,6 +27,7 @@ galaxy_info:
     - fedora
     - redhat
     - rhel
+    - leap
     - ssl
     - system
     - tls

tests/tests_basic_ipa.yml

@@ -20,7 +20,8 @@
 
         - name: Skip if not supported
           meta: end_host
-          when: __ostree_booted_stat.stat.exists
+          when: __ostree_booted_stat.stat.exists or
+            ansible_facts['os_family'] == 'Suse'
 
     - name: Setup IPA
       import_tasks: tasks/setup_ipa.yml
@@ -41,15 +42,21 @@
             ca: ipa
             group: ftp
 
+    - name: Load certificate role platform variables
+      include_role:
+        name: linux-system-roles.certificate
+        tasks_from: set_vars.yml
+        public: true
+
     - name: Verify certificates
       include_tasks: tasks/assert_certificate_parameters.yml
       loop: "{{ certificates }}"
       loop_control:
         loop_var: cert
       vars:
         certificates:
-          - path: /etc/pki/tls/certs/mycert_basic_ipa.crt
-            key_path: /etc/pki/tls/private/mycert_basic_ipa.key
+          - path: "{{ __certificate_default_directory }}/certs/mycert_basic_ipa.crt"
+            key_path: "{{ __certificate_default_directory }}/private/mycert_basic_ipa.key"
             subject:
               - name: commonName
                 oid: 2.5.4.3
@@ -73,8 +80,8 @@
               - key_encipherment
               - data_encipherment
 
-          - path: /etc/pki/tls/certs/groupcert.crt
-            key_path: /etc/pki/tls/private/groupcert.key
+          - path: "{{ __certificate_default_directory }}/certs/groupcert.crt"
+            key_path: "{{ __certificate_default_directory }}/private/groupcert.key"
             owner: root
             group: ftp
             mode: "0640"

tests/tests_basic_self_signed.yml

@@ -1,7 +1,6 @@
 ---
 - name: Issue simple self-signed certificate
   hosts: all
-
   vars:
     certificate_requests:
       - name: mycert_basic_self_signed
@@ -12,10 +11,16 @@
 
 - name: Verify certificate
   hosts: all
+  pre_tasks:
+    - name: Load certificate role platform variables
+      include_role:
+        name: linux-system-roles.certificate
+        tasks_from: set_vars.yml
+        public: true
   vars:
     certificates:
-      - path: /etc/pki/tls/certs/mycert_basic_self_signed.crt
-        key_path: /etc/pki/tls/private/mycert_basic_self_signed.key
+      - path: "{{ __certificate_default_directory }}/certs/mycert_basic_self_signed.crt"
+        key_path: "{{ __certificate_default_directory }}/private/mycert_basic_self_signed.key"
         subject:
           - name: commonName
             oid: 2.5.4.3

tests/tests_dns_ip_email.yml

@@ -23,10 +23,16 @@
 
 - name: Verify certificate
   hosts: all
+  pre_tasks:
+    - name: Load certificate role platform variables
+      include_role:
+        name: linux-system-roles.certificate
+        tasks_from: set_vars.yml
+        public: true
   vars:
     certificates:
-      - path: /etc/pki/tls/certs/mycert_dns_ip_email.crt
-        key_path: /etc/pki/tls/private/mycert_dns_ip_email.key
+      - path: "{{ __certificate_default_directory }}/certs/mycert_dns_ip_email.crt"
+        key_path: "{{ __certificate_default_directory }}/private/mycert_dns_ip_email.key"
         subject:
           - name: commonName
             oid: 2.5.4.3

tests/tests_fs_attrs.yml

@@ -2,6 +2,23 @@
 - name: Ensure UID and GID exists
   hosts: all
   tasks:
+    - name: Ensure ftp group exists
+      group:
+        name: ftp
+        system: true
+      when:
+        - not __bootc_validation | d(false)
+        - ansible_facts['os_family'] == 'Suse'
+
+    - name: Ensure ftp user exists
+      user:
+        name: ftp
+        group: ftp
+        system: true
+      when:
+        - not __bootc_validation | d(false)
+        - ansible_facts['os_family'] == 'Suse'
+
     - name: Ensure user exists
       user:
         name: user1
@@ -31,15 +48,21 @@
             ca: self-sign
       when: not __bootc_validation | d(false)
 
+    - name: Load certificate role platform variables
+      include_role:
+        name: linux-system-roles.certificate
+        tasks_from: set_vars.yml
+        public: true
+
     - name: Verify each user/group certificate
       include_tasks: tasks/assert_certificate_parameters.yml
       loop: "{{ certificates }}"
       loop_control:
         loop_var: cert
       vars:
         certificates:
-          - path: /etc/pki/tls/certs/mycert_fs_attrs.crt
-            key_path: /etc/pki/tls/private/mycert_fs_attrs.key
+          - path: "{{ __certificate_default_directory }}/certs/mycert_fs_attrs.crt"
+            key_path: "{{ __certificate_default_directory }}/private/mycert_fs_attrs.key"
             subject:
               - name: commonName
                 oid: 2.5.4.3
@@ -50,8 +73,8 @@
             owner: ftp
             group: ftp
             mode: "0640"
-          - path: /etc/pki/tls/certs/certid.crt
-            key_path: /etc/pki/tls/private/certid.key
+          - path: "{{ __certificate_default_directory }}/certs/certid.crt"
+            key_path: "{{ __certificate_default_directory }}/private/certid.key"
             subject:
               - name: commonName
                 oid: 2.5.4.3
@@ -96,8 +119,8 @@
         loop_var: cert
       vars:
         certificates:
-          - path: /etc/pki/tls/certs/mycert_fs_attrs_mode.crt
-            key_path: /etc/pki/tls/private/mycert_fs_attrs_mode.key
+          - path: "{{ __certificate_default_directory }}/certs/mycert_fs_attrs_mode.crt"
+            key_path: "{{ __certificate_default_directory }}/private/mycert_fs_attrs_mode.key"
             subject:
               - name: commonName
                 oid: 2.5.4.3
@@ -108,8 +131,8 @@
             owner: ftp
             group: ftp
             mode: "0620"
-          - path: /etc/pki/tls/certs/certid_mode.crt
-            key_path: /etc/pki/tls/private/certid_mode.key
+          - path: "{{ __certificate_default_directory }}/certs/certid_mode.crt"
+            key_path: "{{ __certificate_default_directory }}/private/certid_mode.key"
             subject:
               - name: commonName
                 oid: 2.5.4.3

tests/tests_key_size.yml

@@ -14,15 +14,22 @@
                 dns: www.example.com
                 ca: self-sign
                 key_size: 1024
+
+        - name: Load certificate role platform variables
+          include_role:
+            name: linux-system-roles.certificate
+            tasks_from: set_vars.yml
+            public: true
+
         - name: Verify each certificate
           include_tasks: tasks/assert_certificate_parameters.yml
           loop: "{{ certificates }}"
           loop_control:
             loop_var: cert
           vars:
             certificates:
-              - path: /etc/pki/tls/certs/mycert_key_size.crt
-                key_path: /etc/pki/tls/private/mycert_key_size.key
+              - path: "{{ __certificate_default_directory }}/certs/mycert_key_size.crt"
+                key_path: "{{ __certificate_default_directory }}/private/mycert_key_size.key"
                 subject:
                   - name: commonName
                     oid: 2.5.4.3

tests/tests_key_size_reissue.yml

@@ -16,15 +16,22 @@
                 dns: www.example.com
                 ca: self-sign
                 key_size: 4096
+
+        - name: Load certificate role platform variables
+          include_role:
+            name: linux-system-roles.certificate
+            tasks_from: set_vars.yml
+            public: true
+
         - name: Verify each certificate
           include_tasks: tasks/assert_certificate_parameters.yml
           loop: "{{ certificates }}"
           loop_control:
             loop_var: cert
           vars:
             certificates:
-              - path: /etc/pki/tls/certs/mycert_key_size.crt
-                key_path: /etc/pki/tls/private/mycert_key_size.key
+              - path: "{{ __certificate_default_directory }}/certs/mycert_key_size.crt"
+                key_path: "{{ __certificate_default_directory }}/private/mycert_key_size.key"
                 subject:
                   - name: commonName
                     oid: 2.5.4.3
@@ -73,8 +80,8 @@
         loop_var: cert
       vars:
         certificates:
-          - path: /etc/pki/tls/certs/mycert_key_size.crt
-            key_path: /etc/pki/tls/private/mycert_key_size.key
+          - path: "{{ __certificate_default_directory }}/certs/mycert_key_size.crt"
+            key_path: "{{ __certificate_default_directory }}/private/mycert_key_size.key"
             subject:
               - name: commonName
                 oid: 2.5.4.3

tests/tests_key_usage_and_extended_key_usage.yml

@@ -1,7 +1,6 @@
 ---
 - name: Issue simple self-signed certificate
   hosts: all
-
   vars:
     certificate_requests:
       - name: mycert_key_usage_and_extended_key_usage
@@ -21,11 +20,17 @@
 
 - name: Verify certificate
   hosts: all
+  pre_tasks:
+    - name: Load certificate role platform variables
+      include_role:
+        name: linux-system-roles.certificate
+        tasks_from: set_vars.yml
+        public: true
   vars:
     certificates:
-      - path: /etc/pki/tls/certs/mycert_key_usage_and_extended_key_usage.crt
+      - path: "{{ __certificate_default_directory }}/certs/mycert_key_usage_and_extended_key_usage.crt"
         key_path: >-
-          /etc/pki/tls/private/mycert_key_usage_and_extended_key_usage.key
+          {{ __certificate_default_directory }}/private/mycert_key_usage_and_extended_key_usage.key
         subject:
           - name: commonName
             oid: 2.5.4.3

tests/tests_many_self_signed.yml

@@ -26,33 +26,39 @@
       changed_when: true
       when: ansible_connection == "buildah"
 
+    - name: Load certificate role platform variables
+      include_role:
+        name: linux-system-roles.certificate
+        tasks_from: set_vars.yml
+        public: true
+
     - name: Verify each certificate
       include_tasks: tasks/assert_certificate_parameters.yml
       loop: "{{ certificates }}"
       loop_control:
         loop_var: cert
       vars:
         certificates:
-          - path: /etc/pki/tls/certs/mycert_many_self_signed.crt
-            key_path: /etc/pki/tls/private/mycert_many_self_signed.key
+          - path: "{{ __certificate_default_directory }}/certs/mycert_many_self_signed.crt"
+            key_path: "{{ __certificate_default_directory }}/private/mycert_many_self_signed.key"
             subject:
               - name: commonName
                 oid: 2.5.4.3
                 value: www.example.com
             subject_alt_name:
               - name: DNS
                 value: www.example.com
-          - path: /etc/pki/tls/certs/other-cert.crt
-            key_path: /etc/pki/tls/private/other-cert.key
+          - path: "{{ __certificate_default_directory }}/certs/other-cert.crt"
+            key_path: "{{ __certificate_default_directory }}/private/other-cert.key"
             subject:
               - name: commonName
                 oid: 2.5.4.3
                 value: www.example.org
             subject_alt_name:
               - name: DNS
                 value: www.example.org
-          - path: /etc/pki/tls/certs/another-cert.crt
-            key_path: /etc/pki/tls/private/another-cert.key
+          - path: "{{ __certificate_default_directory }}/certs/another-cert.crt"
+            key_path: "{{ __certificate_default_directory }}/private/another-cert.key"
             subject:
               - name: commonName
                 oid: 2.5.4.3

tests/tests_no_auto_renew.yml

@@ -1,7 +1,6 @@
 ---
 - name: Issue simple self-signed certificate
   hosts: all
-
   vars:
     certificate_requests:
       - name: mycert_no_auto_renew
@@ -15,11 +14,17 @@
     - linux-system-roles.certificate
 
 - name: Verify certificate
+  pre_tasks:
+    - name: Load certificate role platform variables
+      include_role:
+        name: linux-system-roles.certificate
+        tasks_from: set_vars.yml
+        public: true
   hosts: all
   vars:
     certificates:
-      - path: /etc/pki/tls/certs/mycert_no_auto_renew.crt
-        key_path: /etc/pki/tls/private/mycert_no_auto_renew.key
+      - path: "{{ __certificate_default_directory }}/certs/mycert_no_auto_renew.crt"
+        key_path: "{{ __certificate_default_directory }}/private/mycert_no_auto_renew.key"
         subject:
           - name: commonName
             oid: 2.5.4.3
@@ -28,8 +33,8 @@
           - name: DNS
             value: www.example.com
         auto_renew: false
-      - path: /etc/pki/tls/certs/defaultcert.crt
-        key_path: /etc/pki/tls/private/defaultcert.key
+      - path: "{{ __certificate_default_directory }}/certs/defaultcert.crt"
+        key_path: "{{ __certificate_default_directory }}/private/defaultcert.key"
         subject:
           - name: commonName
             oid: 2.5.4.3

tests/tests_not_wait_for_cert.yml

@@ -1,7 +1,6 @@
 ---
 - name: Issue simple self-signed certificate
   hosts: all
-
   vars:
     certificate_wait: false
     certificate_requests:
@@ -13,10 +12,16 @@
 
 - name: Verify certificate
   hosts: all
+  pre_tasks:
+    - name: Load certificate role platform variables
+      include_role:
+        name: linux-system-roles.certificate
+        tasks_from: set_vars.yml
+        public: true
   vars:
     certificates:
-      - path: /etc/pki/tls/certs/mycert_not_wait_for_cert.crt
-        key_path: /etc/pki/tls/private/mycert_not_wait_for_cert.key
+      - path: "{{ __certificate_default_directory }}/certs/mycert_not_wait_for_cert.crt"
+        key_path: "{{ __certificate_default_directory }}/private/mycert_not_wait_for_cert.key"
         subject:
           - name: commonName
             oid: 2.5.4.3