openssl_csr: improve subject validation (#53198)

* Improve subject field validation.

* Add country name idempotency test.

* Add failed country name test.

* Add changelog.
Felix Fontein 2019-03-07 16:29:35 +01:00 committed by John R Barker
commit b2e992cecd
4 changed files with 56 additions and 4 deletions


@ -206,3 +206,38 @@
commonName: This is for Ansible
useCommonNameForSAN: no
select_crypto_backend: '{{ select_crypto_backend }}'
- name: Generate CSR with country name
openssl_csr:
path: '{{ output_dir }}/csr4.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
country_name: de
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_idempotent_1
- name: Generate CSR with country name (idempotent)
openssl_csr:
path: '{{ output_dir }}/csr4.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
country_name: de
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_idempotent_2
- name: Generate CSR with country name (idempotent 2)
openssl_csr:
path: '{{ output_dir }}/csr4.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
subject:
C: de
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_idempotent_3
- name: Generate CSR with country name (bad country name)
openssl_csr:
path: '{{ output_dir }}/csr4.csr'
privatekey_path: '{{ output_dir }}/privatekey2.pem'
subject:
C: dex
select_crypto_backend: '{{ select_crypto_backend }}'
register: country_fail_4
ignore_errors: yes
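Review bot: The "bad country name" task at the end of this hunk writes to the same `csr4.csr` that the three idempotency tasks just produced, and nothing afterwards checks that the file was left untouched. If a regression made the module reject `C: dex` only after it had started rewriting the CSR, this test would still pass. Pointing the negative case at its own output path and checking afterwards that no file was created there would pin "rejected before anything is written". Only one invalid shape (three letters) is exercised; whether a one-letter or empty value is also rejected cannot be told from the lines shown. As a style point, `ignore_errors: true` is the canonical boolean spelling rather than `ignore_errors: yes`.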


@ -101,3 +101,11 @@
assert:
that:
- csr3_cn.stdout.split('=')[-1] == 'This is for Ansible'
- name: Validate country name idempotency and validation
assert:
that:
- country_idempotent_1 is changed
- country_idempotent_2 is not changed
- country_idempotent_3 is not changed
- country_fail_4 is failed
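Review bot: The last assertion, `country_fail_4 is failed`, is satisfied by any failure of that task, including a missing private key, an unavailable crypto backend or a module traceback. Because the task runs with `ignore_errors`, such an unrelated error would be reported as a successful validation test. Add a second condition that ties the failure to the subject check, for example `- "'<expected validation text>' in country_fail_4.msg"`, where the placeholder stands for the message the module emits for an invalid country name (that text is not visible on this page). A one-line comment above the assert saying that tasks 1–3 cover idempotency between `country_name` and `subject.C`, and that task 4 covers rejection, would also help the next reader.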