Module to generate Diffie-Hellman parameters (#32620)

* Module to generate Diffie-Hellman parameters

Implements #32577

* Add integration tests for openssl_dhparam

* Slightly refactor check to prevent unnecessary regeneration

* Fix code smell in tests

Highly annoying to have to do this again and again and again as the rules change during the game

* Using module.run_command() and module.atomic_move() from a tempfile.

* Remove underscore variable

Ansible prefers dummy

test/integration/targets/openssl_dhparam/aliases

@@ -0,0 +1,2 @@
+posix/ci/group1
+destructive

test/integration/targets/openssl_dhparam/tasks/main.yml

@@ -0,0 +1,44 @@
+- block:
+    # This module generates unsafe parameters for testing purposes
+    # otherwise tests would be too slow
+    - name: Generate parameter
+      openssl_dhparam:
+        size: 768
+        path: '{{ output_dir }}/dh768.pem'
+
+    - name: Don't regenerate parameters with no change
+      openssl_dhparam:
+        size: 768
+        path: '{{ output_dir }}/dh768.pem'
+      register: dhparam_changed
+
+    - name: Generate parameters with size option
+      openssl_dhparam:
+        path: '{{ output_dir }}/dh512.pem'
+        size: 512
+
+    - name: Don't regenerate parameters with size option and no change
+      openssl_dhparam:
+        path: '{{ output_dir }}/dh512.pem'
+        size: 512
+      register: dhparam_changed_512
+
+    - copy:
+        src: '{{ output_dir }}/dh768.pem'
+        remote_src: yes
+        dest: '{{ output_dir }}/dh512.pem'
+
+    - name: Re-generate if size is different
+      openssl_dhparam:
+        path: '{{ output_dir }}/dh512.pem'
+        size: 512
+      register: dhparam_changed_to_512
+
+    - name: Force re-generate parameters with size option
+      openssl_dhparam:
+        path: '{{ output_dir }}/dh512.pem'
+        size: 512
+        force: yes
+      register: dhparam_changed_force
+
+    - import_tasks: ../tests/validate.yml

test/integration/targets/openssl_dhparam/tests/validate.yml

@@ -0,0 +1,32 @@
+---
+- name: Validate generated params
+  shell: 'openssl dhparam -in {{ output_dir }}/{{ item }}.pem -noout -check'
+  with_items:
+    - dh768
+    - dh512
+
+- name: Get bit size of 768
+  shell: 'openssl dhparam -noout -in {{ output_dir }}/dh768.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"'
+  register: bit_size_dhparam
+
+- name: Check bit size of default
+  assert:
+    that:
+      - bit_size_dhparam.stdout == "768"
+
+- name: Get bit size of 512
+  shell: 'openssl dhparam -noout -in {{ output_dir }}/dh512.pem -text | head -n1 | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"'
+  register: bit_size_dhparam_512
+
+- name: Check bit size of default
+  assert:
+    that:
+      - bit_size_dhparam_512.stdout == "512"
+
+- name: Check if changed works correctly
+  assert:
+    that:
+      - dhparam_changed is not changed
+      - dhparam_changed_512 is not changed
+      - dhparam_changed_to_512 is changed
+      - dhparam_changed_force is changed