--- - name: Verify hosts: all gather_facts: true become: true tasks: - name: "Test: directory /usr/local/share/ca-certificates" block: - name: "Stat directory /usr/local/share/ca-certificates" ansible.builtin.stat: path: "/usr/local/share/ca-certificates" register: usr_local_share_ca_certificates - name: "Find files in directory /usr/local/share/ca-certificates" ansible.builtin.find: paths: "/usr/local/share/ca-certificates" file_type: file register: usr_local_share_ca_certificates_ls - name: "Verify directory /usr/local/share/ca-certificates" ansible.builtin.assert: that: - usr_local_share_ca_certificates.stat.exists - usr_local_share_ca_certificates.stat.isdir - usr_local_share_ca_certificates.stat.pw_name == 'root' - usr_local_share_ca_certificates.stat.gr_name == 'root' - usr_local_share_ca_certificates.stat.mode == '0755' - (usr_local_share_ca_certificates_ls.files|length) == 1 - (usr_local_share_ca_certificates_ls.files[0].path|basename) == 'isrg_root.crt' - name: "Test: certificate isrg_root.crt" block: - name: "Stat file /usr/local/share/ca-certificates/isrg_root.crt" ansible.builtin.stat: path: "/usr/local/share/ca-certificates/isrg_root.crt" register: isrg_root_file - name: "Get certificate info" community.crypto.x509_certificate_info: path: "/usr/local/share/ca-certificates/isrg_root.crt" register: isrg_root_pem - name: "Verify certificate is readable" ansible.builtin.assert: that: - isrg_root_file.stat.exists - isrg_root_file.stat.isreg - isrg_root_file.stat.pw_name == 'root' - isrg_root_file.stat.gr_name == 'root' - isrg_root_file.stat.mode == '0644' - not isrg_root_pem.failed - not isrg_root_pem.expired - isrg_root_pem.issuer == isrg_root_pem.subject