feat(tests): add molecule scenario for testing CA
All checks were successful
development / Check commit compliance (push) Successful in 25s
parent
0852eae2fc
commit
9371296d80
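--- a/molecule/hashistack_ca_default/converge.yml
+++ b/molecule/hashistack_ca_default/converge.yml
@@ -0,0 +1,8 @@
+---
+- name: Converge
+hosts: all
+become: true
+tasks:
+- name: "Include ednz_cloud.hashistack.hashistack_ca"
+ansible.builtin.include_role:
+name: "ednz_cloud.hashistack.hashistack_ca"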
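--- a/molecule/hashistack_ca_default/group_vars/all.yml
+++ b/molecule/hashistack_ca_default/group_vars/all.yml
@@ -0,0 +1,67 @@
+---
+# defaults file for hashistack_ca
+hashistack_ca_directory: "{{ lookup('env', 'PWD') }}/etc/hashistack/certificates"
+hashistack_ca_use_cryptography: false
+hashistack_ca_action: "noop"
+hashistack_ca_domain: ednz.fr
+
+##############################
+# Root Certificate Authority #
+##############################
+hashistack_ca_root_org_name: EDNZ Cloud
+hashistack_ca_root_country: FR
+hashistack_ca_root_locality: Paris
+hashistack_ca_root_common_name: "{{ hashistack_ca_domain }} Root CA"
+hashistack_ca_root_email:
+hashistack_ca_root_key_usage:
+- keyCertSign
+- cRLSign
+hashistack_ca_root_key_usage_critical: true
+hashistack_ca_root_basic_constraints:
+- CA:TRUE
+hashistack_ca_root_basic_constraints_critical: true
+
+# Optional fields
+hashistack_ca_root_state_or_province_name:
+hashistack_ca_root_email_address:
+
+# Validity
+hashistack_ca_root_valid_for: 0d
+hashistack_ca_root_renew_threshold: 0d
+
+######################################
+# Intermediate Certificate Authority #
+######################################
+hashistack_ca_intermediate_org_name: EDNZ Cloud Intermediate
+hashistack_ca_intermediate_country: FR
+hashistack_ca_intermediate_locality: Paris
+hashistack_ca_intermediate_common_name: "{{ hashistack_ca_domain }} Intermediate CA"
+hashistack_ca_intermediate_email:
+hashistack_ca_intermediate_key_usage:
+- keyCertSign
+- cRLSign
+hashistack_ca_intermediate_key_usage_critical: true
+hashistack_ca_intermediate_basic_constraints:
+- CA:TRUE
+- pathlen:0
+hashistack_ca_intermediate_basic_constraints_critical: true
+
+# Optional fields
+hashistack_ca_intermediate_state_or_province_name:
+hashistack_ca_intermediate_email_address:
+
+# Validity
+hashistack_ca_intermediate_valid_for: 365d
+hashistack_ca_intermediate_renew_threshold: 90d
+
+# Name Constraints
+hashistack_ca_intermediate_name_constraints_permitted:
+- DNS:.nomad
+- DNS:.consul
+- DNS:.example.com
+- DNS:localhost
+- IP:192.168.0.0/16
+- IP:172.16.0.0/16
+- IP:10.0.0.0/8
+- IP:127.0.0.0/8
+hashistack_ca_intermediate_name_constraints_critical: "{{ (hashistack_ca_intermediate_name_constraints_permitted is defined and hashistack_ca_intermediate_name_constraints_permitted | length > 0) }}"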
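Review bot: `hashistack_ca_root_valid_for: 0d` and `hashistack_ca_root_renew_threshold: 0d` give the root CA a zero-day lifetime in this fixture while the intermediate gets `365d`/`90d`; if the role passes these through as a validity period, the root would be expired on issue and every chain under it would fail validation. Combined with `hashistack_ca_action: "noop"`, this suggests the scenario never generates any certificate, so the key-usage, basic-constraints and name-constraints values here are presumably never exercised. Either set a real action and a non-zero root validity, or say so in a comment such as `# noop: converge only checks that the role loads; no CA material is generated`. Separately, `IP:172.16.0.0/16` permits only 172.16.x.x, whereas the RFC 1918 block is `IP:172.16.0.0/12`. The permitted DNS list also contains `.example.com` but not the configured `hashistack_ca_domain`, so names under `ednz.fr` would fall outside the critical name constraints.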
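--- a/molecule/hashistack_ca_default/molecule.yml
+++ b/molecule/hashistack_ca_default/molecule.yml
@@ -0,0 +1,37 @@
+---
+dependency:
+name: galaxy
+options:
+requirements-file: ./requirements.yml
+driver:
+name: docker
+platforms:
+- name: instance
+image: geerlingguy/docker-${MOLECULE_TEST_OS}-ansible
+command: ""
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup
+cgroupns_mode: host
+privileged: true
+pre_build_image: true
+provisioner:
+name: ansible
+config_options:
+defaults:
+remote_tmp: /tmp/.ansible
+verifier:
+name: ansible
+scenario:
+name: hashistack_ca_default
+test_sequence:
+- dependency
+- cleanup
+- destroy
+- syntax
+- create
+- prepare
+- converge
+- idempotence
+- verify
+- cleanup
+- destroy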
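Review bot: The `instance` platform combines `privileged: true`, `cgroupns_mode: host` and a writable `/sys/fs/cgroup:/sys/fs/cgroup` bind mount, which gives the test container close to host-level privileges on the CI runner. That set is normally only needed to boot systemd inside the container, and nothing visible in this scenario starts a service. If the CA role does not need systemd, drop the three settings (or at least mount read-only with `- /sys/fs/cgroup:/sys/fs/cgroup:ro`); if they must stay, add a comment saying why. The image `geerlingguy/docker-${MOLECULE_TEST_OS}-ansible` also carries no tag or digest and the variable has no default, so an unset `MOLECULE_TEST_OS` yields an invalid image name and a set one pulls whatever the mutable default tag points at that day. Using `${MOLECULE_TEST_OS:-<default-os>}` (placeholder) together with a pinned digest would make runs reproducible.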
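--- a/molecule/hashistack_ca_default/prepare.yml
+++ b/molecule/hashistack_ca_default/prepare.yml
@@ -0,0 +1,13 @@
+---
+- name: Prepare
+hosts: all
+become: true
+tasks:
+- name: "Install pre-required system packages"
+ansible.builtin.include_role:
+name: ednz_cloud.manage_apt_packages
+vars:
+manage_apt_packages_list:
+- name: unzip
+version: latest
+state: present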
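--- a/molecule/hashistack_ca_default/requirements.yml
+++ b/molecule/hashistack_ca_default/requirements.yml
@@ -0,0 +1,4 @@
+---
+# requirements file for molecule
+roles:
+- name: ednz_cloud.manage_apt_packages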
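Review bot: `ednz_cloud.manage_apt_packages` is listed without a `version:`, so the Galaxy dependency step resolves whatever release is newest at test time. That code then runs under `become: true` in `prepare.yml`, inside a container that `molecule.yml` marks `privileged: true`. Pin the role, e.g. `version: <pinned-version>` (placeholder: use the release this scenario was validated against), so a changed or compromised upstream release cannot silently alter what CI executes.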
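--- a/molecule/hashistack_ca_default/verify.yml
+++ b/molecule/hashistack_ca_default/verify.yml
@@ -0,0 +1,6 @@
+---
+- name: Verify
+hosts: all
+gather_facts: true
+become: true
+tasks: []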
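Review bot: `tasks: []` leaves the verify stage with nothing to check, so the scenario goes green whatever the role did or failed to do, and `converge` plus `idempotence` are the only signal. For a CA role the properties worth asserting are the security-relevant ones: private keys exist and are not group- or world-readable, and the intermediate certificate carries the configured `pathlen:0` and name constraints. A minimal starting point is below; `<ca-key-file>` is a placeholder for the key file name the role writes. It only makes sense once the scenario uses an action that generates material rather than `noop`.

```yaml
tasks:
  # <ca-key-file> is a placeholder for the key file the role writes
  - name: "Stat the CA private key"
    ansible.builtin.stat:
      path: "{{ hashistack_ca_directory }}/<ca-key-file>"
    register: ca_key_stat

  - name: "CA private key exists and is owner-only"
    ansible.builtin.assert:
      that:
        - ca_key_stat.stat.exists
        - ca_key_stat.stat.mode in ['0600', '0400']
```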