[ANSIBLE 3.2.0] Fix regex pattern in 'certificates' role 33/120533/3
authorBartek Grzybowski <b.grzybowski@partner.samsung.com>
Wed, 14 Apr 2021 12:44:46 +0000 (14:44 +0200)
committerBartek Grzybowski <b.grzybowski@partner.samsung.com>
Thu, 15 Apr 2021 09:22:57 +0000 (09:22 +0000)
[MOLECULE] Add verifier test for SubjectAlternativeName validation

Issue-ID: OOM-2722
Change-Id: I8ff9fb88d5166f3d5eba5f364f9110b3b12cd47e
Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
ansible/roles/certificates/molecule/default/tests/test_infrastructure.py
ansible/roles/certificates/tasks/generate-certificates.yml

index ca5e89c..61c0663 100644 (file)
@@ -2,6 +2,7 @@ import os
 import pytest
 
 import testinfra.utils.ansible_runner
+from cryptography import x509
 
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('infrastructure')
@@ -12,6 +13,16 @@ def group_vars(host):
     return host.ansible.get_variables()
 
 
+@pytest.fixture
+def crt_alt_names(host, group_vars):
+    nexus_cert_file = host.file(group_vars["app_data_path"] + '/certs/'
+                                + 'nexus_server.crt')
+    x509_cert = x509.load_pem_x509_certificate(nexus_cert_file.content)
+    san = x509_cert.extensions.get_extension_for_class(
+          x509.SubjectAlternativeName)
+    return san.value.get_values_for_type(x509.DNSName)
+
+
 @pytest.mark.parametrize('cert_file', [
     'nexus_server.crt',
     'nexus_server.csr',
@@ -30,3 +41,11 @@ def test_generated_cert_files_copied_to_infra(host, cert_file, group_vars):
     with open("molecule/default/certs/" + cert_file) as local_cert_file:
         local_content = local_cert_file.read().strip()
     assert local_content == f.content_string.strip()
+
+
+@pytest.mark.parametrize('alt_names', [
+    'molecule.sim.host1',
+    'molecule.sim.host2'
+])
+def test_subject_alt_name_valid(alt_names, crt_alt_names):
+    assert alt_names in crt_alt_names
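Review bot: test_subject_alt_name_valid in the last hunk only asserts that each expected name is present in the certificate's DNS SANs, so a certificate carrying additional names — a wildcard entry or a host that should not be in the list — would still pass the verifier. A stricter check compares the whole list, e.g. a separate non-parametrized test with `assert sorted(crt_alt_names) == sorted(['molecule.sim.host1', 'molecule.sim.host2'])`, or a comparison against the inventory variable the role builds the SAN from if it is reachable through `group_vars`. The crt_alt_names fixture will raise cryptography's ExtensionNotFound when the certificate has no SAN extension at all; a short comment such as `# no SAN extension raises ExtensionNotFound — that is a legitimate verifier failure` would make clear that this is intended rather than an unhandled case. Since each parametrized value is a single name, `alt_name` would be the more accurate parameter name than `alt_names`.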
index 43b774b..d2a9f4e 100644 (file)
@@ -59,7 +59,7 @@
     extended_key_usage:
       - serverAuth
     subject_alt_name:
-      "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"
+      "{{ all_simulated_hosts | map('regex_replace', '^(.*)$', 'DNS:\\1') | list }}"
 
 - name: Sign Nexus certificate
   openssl_certificate:
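Review bot: The anchored pattern on the added line deserves a why-comment, because the reason for the change is not visible from the expression itself: regex_replace substitutes every match, and an unanchored `(.*)` presumably also matched the empty string at end-of-input, so each host came out with a trailing empty `DNS:` entry. A comment above the `subject_alt_name:` key such as `# anchor so the pattern matches each host exactly once; an unanchored '(.*)' also matches the empty tail and yields a trailing 'DNS:'` records that for the next maintainer. A simpler equivalent that needs no capture group or backreference is `map('regex_replace', '^', 'DNS:')`, which just prepends the prefix. The enclosing task starts outside the hunk.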