openssl_csr: improve subject validation (#53198)

* Improve subject field validation. * Add country name idempotency test. * Add failed country name test. * Add changelog.
2025-07-25 14:20:22 -07:00 · 2019-03-07 16:29:35 +01:00 · 2019-03-07 16:29:35 +01:00 · b2e992cecd
commit b2e992cecd
parent 264d9a9008
4 changed files with 56 additions and 4 deletions
--- a/test/integration/targets/openssl_csr/tasks/impl.yml
+++ b/test/integration/targets/openssl_csr/tasks/impl.yml
@ -206,3 +206,38 @@
      commonName: This is for Ansible
    useCommonNameForSAN: no
    select_crypto_backend: '{{ select_crypto_backend }}'
+
+- name: Generate CSR with country name
+  openssl_csr:
+    path: '{{ output_dir }}/csr4.csr'
+    privatekey_path: '{{ output_dir }}/privatekey2.pem'
+    country_name: de
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: country_idempotent_1
+
+- name: Generate CSR with country name (idempotent)
+  openssl_csr:
+    path: '{{ output_dir }}/csr4.csr'
+    privatekey_path: '{{ output_dir }}/privatekey2.pem'
+    country_name: de
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: country_idempotent_2
+
+- name: Generate CSR with country name (idempotent 2)
+  openssl_csr:
+    path: '{{ output_dir }}/csr4.csr'
+    privatekey_path: '{{ output_dir }}/privatekey2.pem'
+    subject:
+      C: de
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: country_idempotent_3
+
+- name: Generate CSR with country name (bad country name)
+  openssl_csr:
+    path: '{{ output_dir }}/csr4.csr'
+    privatekey_path: '{{ output_dir }}/privatekey2.pem'
+    subject:
+      C: dex
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: country_fail_4
+  ignore_errors: yes
--- a/test/integration/targets/openssl_csr/tests/validate.yml
+++ b/test/integration/targets/openssl_csr/tests/validate.yml
@ -101,3 +101,11 @@
  assert:
    that:
      - csr3_cn.stdout.split('=')[-1] == 'This is for Ansible'
+
+- name: Validate country name idempotency and validation
+  assert:
+    that:
+      - country_idempotent_1 is changed
+      - country_idempotent_2 is not changed
+      - country_idempotent_3 is not changed
+      - country_fail_4 is failed