import_vault_root_ca/molecule/with_custom_ca/verify.yml

54 lines
2.1 KiB
YAML
Raw Permalink Normal View History

---
2023-05-25 07:30:55 +00:00
- name: Verify
hosts: all
2023-12-03 16:27:02 +00:00
gather_facts: true
become: true
2023-05-25 07:30:55 +00:00
tasks:
- name: "Test: directory /usr/local/share/ca-certificates"
block:
- name: "Stat directory /usr/local/share/ca-certificates"
ansible.builtin.stat:
path: "/usr/local/share/ca-certificates"
register: usr_local_share_ca_certificates
- name: "Find files in directory /usr/local/share/ca-certificates"
ansible.builtin.find:
paths: "/usr/local/share/ca-certificates"
file_type: file
register: usr_local_share_ca_certificates_ls
- name: "Verify directory /usr/local/share/ca-certificates"
ansible.builtin.assert:
that:
- usr_local_share_ca_certificates.stat.exists
- usr_local_share_ca_certificates.stat.isdir
- usr_local_share_ca_certificates.stat.pw_name == 'root'
- usr_local_share_ca_certificates.stat.gr_name == 'root'
- usr_local_share_ca_certificates.stat.mode == '0755'
- (usr_local_share_ca_certificates_ls.files|length) == 1
- (usr_local_share_ca_certificates_ls.files[0].path|basename) == 'isrg_root.crt'
- name: "Test: certificate isrg_root.crt"
block:
- name: "Stat file /usr/local/share/ca-certificates/isrg_root.crt"
ansible.builtin.stat:
path: "/usr/local/share/ca-certificates/isrg_root.crt"
register: isrg_root_file
- name: "Get certificate info"
community.crypto.x509_certificate_info:
path: "/usr/local/share/ca-certificates/isrg_root.crt"
register: isrg_root_pem
- name: "Verify certificate is readable"
ansible.builtin.assert:
that:
- isrg_root_file.stat.exists
- isrg_root_file.stat.isreg
- isrg_root_file.stat.pw_name == 'root'
- isrg_root_file.stat.gr_name == 'root'
- isrg_root_file.stat.mode == '0644'
- not isrg_root_pem.failed
- not isrg_root_pem.expired
- isrg_root_pem.issuer == isrg_root_pem.subject