-rw-r--r--ansible/roles/certificates/molecule/default/tests/test_infrastructure.py19
-rw-r--r--ansible/roles/certificates/tasks/generate-certificates.yml2
2 files changed, 20 insertions, 1 deletions
diff --git a/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py b/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py
index ca5e89cc..61c06634 100644
--- a/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py
+++ b/ansible/roles/certificates/molecule/default/tests/test_infrastructure.py
@@ -2,6 +2,7 @@ import os
import pytest
import testinfra.utils.ansible_runner
+from cryptography import x509
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('infrastructure')
@@ -12,6 +13,16 @@ def group_vars(host):
return host.ansible.get_variables()
+@pytest.fixture
+def crt_alt_names(host, group_vars):
+ nexus_cert_file = host.file(group_vars["app_data_path"] + '/certs/'
+ + 'nexus_server.crt')
+ x509_cert = x509.load_pem_x509_certificate(nexus_cert_file.content)
+ san = x509_cert.extensions.get_extension_for_class(
+ x509.SubjectAlternativeName)
+ return san.value.get_values_for_type(x509.DNSName)
+
+
@pytest.mark.parametrize('cert_file', [
'nexus_server.crt',
'nexus_server.csr',
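Review bot: The new `crt_alt_names` fixture carries no docstring, and nothing tells a reader that it reads the certificate from the target host rather than from the local `molecule/default/certs/` copy used by the existing copy test; add `"""DNS names listed in the SAN extension of the deployed Nexus server certificate, read from the target host."""` under the `def`. Worth a short comment on the `get_extension_for_class` line too: it raises `x509.ExtensionNotFound` when the certificate has no SAN, so a missing extension surfaces as a fixture error rather than a failed assertion, which is fine as long as it is deliberate. The path is built by string concatenation (`group_vars["app_data_path"] + '/certs/' + 'nexus_server.crt'`); `os.path.join` is already importable here and reads cleaner. The `group_vars` fixture whose `return` opens this hunk starts outside it.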
@@ -30,3 +41,11 @@ def test_generated_cert_files_copied_to_infra(host, cert_file, group_vars):
with open("molecule/default/certs/" + cert_file) as local_cert_file:
local_content = local_cert_file.read().strip()
assert local_content == f.content_string.strip()
+
+
+@pytest.mark.parametrize('alt_names', [
+ 'molecule.sim.host1',
+ 'molecule.sim.host2'
+])
+def test_subject_alt_name_valid(alt_names, crt_alt_names):
+ assert alt_names in crt_alt_names
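Review bot: `test_subject_alt_name_valid` only checks that each expected name is present, so a certificate that carries additional, unintended DNS names in its SAN still passes; for a server certificate every extra name is a host the key is trusted for, so the test should pin the exact set. If `all_simulated_hosts` is exposed through `group_vars` (it is the role input the YAML hunk maps into `subject_alt_name`), a single non-parametrized test such as `assert set(crt_alt_names) == set(group_vars['all_simulated_hosts'])` covers both directions and stops the hard-coded `molecule.sim.host1`/`host2` list from drifting away from the inventory. On naming, the parameter receives one name per case, so `alt_name` would read better than `alt_names`. The first three lines of this hunk belong to `test_generated_cert_files_copied_to_infra`, which starts outside it.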
diff --git a/ansible/roles/certificates/tasks/generate-certificates.yml b/ansible/roles/certificates/tasks/generate-certificates.yml
index 43b774bc..d2a9f4ec 100644
--- a/ansible/roles/certificates/tasks/generate-certificates.yml
+++ b/ansible/roles/certificates/tasks/generate-certificates.yml
@@ -59,7 +59,7 @@
extended_key_usage:
- serverAuth
subject_alt_name:
- "{{ all_simulated_hosts | map('regex_replace', '(.*)', 'DNS:\\1') | list }}"
+ "{{ all_simulated_hosts | map('regex_replace', '^(.*)$', 'DNS:\\1') | list }}"
- name: Sign Nexus certificate
openssl_certificate:
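Review bot: The reason for anchoring the pattern is not recorded anywhere near the `subject_alt_name` line, and the next person to "simplify" it back to `'(.*)'` will reintroduce the bug; add a comment above it such as `# keep the anchors: an unanchored '(.*)' also matches the empty string after the host name and yields 'DNS:<host>DNS:'` (that is presumably the behaviour the commit fixes, since Python's re.sub replaces the trailing empty match as well). A simpler equivalent that avoids the capture group altogether is `map('regex_replace', '^', 'DNS:')`. It may also be worth a note that an empty `all_simulated_hosts` produces an empty `subject_alt_name` list and the CSR is then issued without any SAN, if that is not already guarded elsewhere in the role. The task this hunk edits begins above the hunk.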