import_vault_root_ca/molecule/with_custom_ca/verify.yml

---
# This is an example playbook to execute Ansible tests.

# - name: Verify
#   hosts: all
#   gather_facts: false
#   tasks:
#     - name: "Test: directory /usr/local/share/ca-certificates"
#       block:
#         - name: "Stat directory /usr/local/share/ca-certificates"
#           ansible.builtin.stat:
#             path: "/usr/local/share/ca-certificates"
#           register: usr_local_share_ca_certificates
#
#         - name: "Find files in directory /usr/local/share/ca-certificates"
#           ansible.builtin.find:
#             paths: "/usr/local/share/ca-certificates"
#             file_type: file
#           register: usr_local_share_ca_certificates_ls
#
#         - name: "Verify directory /usr/local/share/ca-certificates"
#           ansible.builtin.assert:
#             that:
#               - usr_local_share_ca_certificates.stat.exists
#               - usr_local_share_ca_certificates.stat.isdir
#               - usr_local_share_ca_certificates.stat.pw_name == 'root'
#               - usr_local_share_ca_certificates.stat.gr_name == 'root'
#               - usr_local_share_ca_certificates.stat.mode == '0755'
#               - (usr_local_share_ca_certificates_ls.files|length) == 1
#               - (usr_local_share_ca_certificates_ls.files[0].path|basename) == 'isrg_root.crt'
#
#     - name: "Test: certificate isrg_root.crt"
#       block:
#         - name: "Stat file /usr/local/share/ca-certificates/isrg_root.crt"
#           ansible.builtin.stat:
#             path: "/usr/local/share/ca-certificates/isrg_root.crt"
#           register: isrg_root_file
#
#         - name: "Get certificate info"
#           community.crypto.x509_certificate_info:
#             path: "/usr/local/share/ca-certificates/isrg_root.crt"
#           register: isrg_root_pem
#
#         - name: "Verify certificate is readable"
#           ansible.builtin.assert:
#             that:
#               - isrg_root_file.stat.exists
#               - isrg_root_file.stat.isreg
#               - isrg_root_file.stat.pw_name == 'root'
#               - isrg_root_file.stat.gr_name == 'root'
#               - isrg_root_file.stat.mode == '0644'
#               - not isrg_root_pem.failed
#               - not isrg_root_pem.expired
#               - isrg_root_pem.issuer == isrg_root_pem.subject
started doing tests in ansible since testinfra is being deprecated 2023-05-23 20:20:19 +00:00			`---`
			`# This is an example playbook to execute Ansible tests.`

mostly done 2023-05-24 21:00:18 +00:00			`# - name: Verify`
			`# hosts: all`
			`# gather_facts: false`
			`# tasks:`
			`# - name: "Test: directory /usr/local/share/ca-certificates"`
			`# block:`
			`# - name: "Stat directory /usr/local/share/ca-certificates"`
			`# ansible.builtin.stat:`
			`# path: "/usr/local/share/ca-certificates"`
			`# register: usr_local_share_ca_certificates`
			`#`
			`# - name: "Find files in directory /usr/local/share/ca-certificates"`
			`# ansible.builtin.find:`
			`# paths: "/usr/local/share/ca-certificates"`
			`# file_type: file`
			`# register: usr_local_share_ca_certificates_ls`
			`#`
			`# - name: "Verify directory /usr/local/share/ca-certificates"`
			`# ansible.builtin.assert:`
			`# that:`
			`# - usr_local_share_ca_certificates.stat.exists`
			`# - usr_local_share_ca_certificates.stat.isdir`
			`# - usr_local_share_ca_certificates.stat.pw_name == 'root'`
			`# - usr_local_share_ca_certificates.stat.gr_name == 'root'`
			`# - usr_local_share_ca_certificates.stat.mode == '0755'`
			`# - (usr_local_share_ca_certificates_ls.files\|length) == 1`
			`# - (usr_local_share_ca_certificates_ls.files[0].path\|basename) == 'isrg_root.crt'`
			`#`
			`# - name: "Test: certificate isrg_root.crt"`
			`# block:`
			`# - name: "Stat file /usr/local/share/ca-certificates/isrg_root.crt"`
			`# ansible.builtin.stat:`
			`# path: "/usr/local/share/ca-certificates/isrg_root.crt"`
			`# register: isrg_root_file`
			`#`
			`# - name: "Get certificate info"`
			`# community.crypto.x509_certificate_info:`
			`# path: "/usr/local/share/ca-certificates/isrg_root.crt"`
			`# register: isrg_root_pem`
			`#`
			`# - name: "Verify certificate is readable"`
			`# ansible.builtin.assert:`
			`# that:`
			`# - isrg_root_file.stat.exists`
			`# - isrg_root_file.stat.isreg`
			`# - isrg_root_file.stat.pw_name == 'root'`
			`# - isrg_root_file.stat.gr_name == 'root'`
			`# - isrg_root_file.stat.mode == '0644'`
			`# - not isrg_root_pem.failed`
			`# - not isrg_root_pem.expired`
			`# - isrg_root_pem.issuer == isrg_root_pem.subject`