feat: add become, add vagrant tests, fix #1
parent
263da6e7ab
commit
2ae5d8826d
@ -3,4 +3,5 @@
|
|||||||
- name: "Update the trust store"
|
- name: "Update the trust store"
|
||||||
ansible.builtin.command: update-ca-certificates
|
ansible.builtin.command: update-ca-certificates
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
become: true
|
||||||
listen: "update-ca-certificates"
|
listen: "update-ca-certificates"
|
||||||
|
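--- a/molecule/default_vagrant/converge.yml
+++ b/molecule/default_vagrant/converge.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+hosts: all
+tasks:
+- name: "Include ednxzu.import_vault_root_ca"
+ansible.builtin.include_role:
+name: "ednxzu.import_vault_root_ca"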
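--- a/molecule/default_vagrant/molecule.yml
+++ b/molecule/default_vagrant/molecule.yml
@@ -0,0 +1,35 @@
+---
+dependency:
+name: galaxy
+options:
+requirements-file: ./requirements.yml
+driver:
+name: vagrant
+provider:
+name: libvirt
+platforms:
+- name: instance
+box: generic/${MOLECULE_TEST_OS}
+cpus: 4
+memory: 4096
+provisioner:
+name: ansible
+config_options:
+defaults:
+remote_tmp: /tmp/.ansible
+verifier:
+name: ansible
+scenario:
+name: default_vagrant
+test_sequence:
+- dependency
+- cleanup
+- destroy
+- syntax
+- create
+- prepare
+- converge
+- idempotence
+- verify
+- cleanup
+- destroy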
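Review bot: The platform entry `box: generic/${MOLECULE_TEST_OS}` takes whatever box version is current when the scenario runs, so the VM image these trust-store tests run against can change without any commit. Pinning it under the platform, for example `box_version: "<pinned box version>"` (confirm the key against the vagrant driver version in use), keeps runs reproducible. The scenario also sets no default for MOLECULE_TEST_OS, so an unset variable would presumably render the box name as `generic/`; a comment above the line such as `# MOLECULE_TEST_OS must be set by the caller (CI matrix)` would document that. The same lines appear in molecule/with_custom_ca_vagrant/molecule.yml.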
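--- a/molecule/default_vagrant/requirements.yml
+++ b/molecule/default_vagrant/requirements.yml
@@ -0,0 +1,4 @@
+---
+# requirements file for molecule
+roles:
+- name: ednxzu.manage_apt_packages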
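Review bot: The `- name: ednxzu.manage_apt_packages` entry has no `version:`, so the galaxy dependency step installs whatever release is latest when the scenario runs, and code from that role may then run on the test VM. Adding `version: "<pinned tag or commit>"` under the entry makes the dependency reproducible and reviewable. The same unpinned entry is in molecule/with_custom_ca_vagrant/requirements.yml.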
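--- a/molecule/default_vagrant/verify.yml
+++ b/molecule/default_vagrant/verify.yml
@@ -0,0 +1,27 @@
+---
+- name: Verify
+hosts: all
+gather_facts: true
+tasks:
+- name: "Test: directory /usr/local/share/ca-certificates"
+block:
+- name: "Stat directory /usr/local/share/ca-certificates"
+ansible.builtin.stat:
+path: "/usr/local/share/ca-certificates"
+register: usr_local_share_ca_certificates
+
+- name: "Find files in directory /usr/local/share/ca-certificates"
+ansible.builtin.find:
+paths: "/usr/local/share/ca-certificates"
+file_type: file
+register: usr_local_share_ca_certificates_ls
+
+- name: "Verify directory /usr/local/share/ca-certificates"
+ansible.builtin.assert:
+that:
+- usr_local_share_ca_certificates.stat.exists
+- usr_local_share_ca_certificates.stat.isdir
+- usr_local_share_ca_certificates.stat.pw_name == 'root'
+- usr_local_share_ca_certificates.stat.gr_name == 'root'
+- usr_local_share_ca_certificates.stat.mode == '0755'
+- (usr_local_share_ca_certificates_ls.files|length) == 0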
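--- a/molecule/with_custom_ca_vagrant/converge.yml
+++ b/molecule/with_custom_ca_vagrant/converge.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+hosts: all
+tasks:
+- name: "Include ednxzu.import_vault_root_ca"
+ansible.builtin.include_role:
+name: "ednxzu.import_vault_root_ca"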
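--- a/molecule/with_custom_ca_vagrant/group_vars/all.yml
+++ b/molecule/with_custom_ca_vagrant/group_vars/all.yml
@@ -0,0 +1,5 @@
+---
+import_vault_root_ca_certificate_force_download: false
+import_vault_root_ca_certificate_list:
+- url: "https://letsencrypt.org/certs/isrg-root-x2.pem"
+cert_name: "isrg_root"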
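--- a/molecule/with_custom_ca_vagrant/molecule.yml
+++ b/molecule/with_custom_ca_vagrant/molecule.yml
@@ -0,0 +1,35 @@
+---
+dependency:
+name: galaxy
+options:
+requirements-file: ./requirements.yml
+driver:
+name: vagrant
+provider:
+name: libvirt
+platforms:
+- name: instance
+box: generic/${MOLECULE_TEST_OS}
+cpus: 4
+memory: 4096
+provisioner:
+name: ansible
+config_options:
+defaults:
+remote_tmp: /tmp/.ansible
+verifier:
+name: ansible
+scenario:
+name: with_custom_ca_vagrant
+test_sequence:
+- dependency
+- cleanup
+- destroy
+- syntax
+- create
+- prepare
+- converge
+- idempotence
+- verify
+- cleanup
+- destroy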
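--- a/molecule/with_custom_ca_vagrant/requirements.yml
+++ b/molecule/with_custom_ca_vagrant/requirements.yml
@@ -0,0 +1,4 @@
+---
+# requirements file for molecule
+roles:
+- name: ednxzu.manage_apt_packages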
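--- a/molecule/with_custom_ca_vagrant/verify.yml
+++ b/molecule/with_custom_ca_vagrant/verify.yml
@@ -0,0 +1,52 @@
+---
+- name: Verify
+hosts: all
+gather_facts: true
+tasks:
+- name: "Test: directory /usr/local/share/ca-certificates"
+block:
+- name: "Stat directory /usr/local/share/ca-certificates"
+ansible.builtin.stat:
+path: "/usr/local/share/ca-certificates"
+register: usr_local_share_ca_certificates
+
+- name: "Find files in directory /usr/local/share/ca-certificates"
+ansible.builtin.find:
+paths: "/usr/local/share/ca-certificates"
+file_type: file
+register: usr_local_share_ca_certificates_ls
+
+- name: "Verify directory /usr/local/share/ca-certificates"
+ansible.builtin.assert:
+that:
+- usr_local_share_ca_certificates.stat.exists
+- usr_local_share_ca_certificates.stat.isdir
+- usr_local_share_ca_certificates.stat.pw_name == 'root'
+- usr_local_share_ca_certificates.stat.gr_name == 'root'
+- usr_local_share_ca_certificates.stat.mode == '0755'
+- (usr_local_share_ca_certificates_ls.files|length) == 1
+- (usr_local_share_ca_certificates_ls.files[0].path|basename) == 'isrg_root.crt'
+
+- name: "Test: certificate isrg_root.crt"
+block:
+- name: "Stat file /usr/local/share/ca-certificates/isrg_root.crt"
+ansible.builtin.stat:
+path: "/usr/local/share/ca-certificates/isrg_root.crt"
+register: isrg_root_file
+
+- name: "Get certificate info"
+community.crypto.x509_certificate_info:
+path: "/usr/local/share/ca-certificates/isrg_root.crt"
+register: isrg_root_pem
+
+- name: "Verify certificate is readable"
+ansible.builtin.assert:
+that:
+- isrg_root_file.stat.exists
+- isrg_root_file.stat.isreg
+- isrg_root_file.stat.pw_name == 'root'
+- isrg_root_file.stat.gr_name == 'root'
+- isrg_root_file.stat.mode == '0644'
+- not isrg_root_pem.failed
+- not isrg_root_pem.expired
+- isrg_root_pem.issuer == isrg_root_pem.subject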
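Review bot: The assertions in "Verify certificate is readable" only check that the file parses, is unexpired and is self-signed (`isrg_root_pem.issuer == isrg_root_pem.subject`), which any self-signed certificate returned by the download URL would satisfy. Because the role installs this file into the system trust store, the test should also pin the identity of the expected root, for example `- isrg_root_pem.fingerprints.sha256 == '<expected SHA-256 fingerprint of ISRG Root X2>'`, with the value taken from the issuer's published fingerprint and not from the downloaded file. The task also uses `community.crypto.x509_certificate_info`, while this scenario's requirements.yml lists only a role; if the collection is not installed some other way, it should be declared there under `collections:`.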
@ -23,7 +23,6 @@
|
|||||||
cmd: openssl x509 -inform {{ 'PEM' if item.rc == 0 else 'DER' }} -in {{ item.item.dest }} -out {{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt -outform pem
|
cmd: openssl x509 -inform {{ 'PEM' if item.rc == 0 else 'DER' }} -in {{ item.item.dest }} -out {{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt -outform pem
|
||||||
creates: "{{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt"
|
creates: "{{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt"
|
||||||
loop: "{{ cert_format_results.results }}"
|
loop: "{{ cert_format_results.results }}"
|
||||||
|
become: true
|
||||||
notify:
|
notify:
|
||||||
- update-ca-certificates
|
- update-ca-certificates
|
||||||
# loop_control:
|
|
||||||
# loop_var: item
|
|
||||||
|
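Review bot: With `become: true` added, the `openssl x509 ... -out {{ import_vault_root_ca_cert_dir }}/{{ item.item.item.cert_name }}.crt` line now writes as root to a path built from the caller-supplied `cert_name`, and the templated values go into `cmd` unquoted. A name containing whitespace or `/` would alter the argument list or the output location, so the names should be validated before the loop, e.g. an assert with `item.cert_name is match('^[A-Za-z0-9_.-]+$')`, and the paths passed through the `quote` filter, e.g. `-in {{ item.item.dest | quote }}`. This assumes the task is `ansible.builtin.command`; the task header lies above the hunk, so confirm the module before applying. The same elevated context now applies to the `creates:` path, which is built from the same variables.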