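# Integration tasks that exercise openssl_certificate with `provider: entrust`
# (ECS): issuance with a local, a default and a URL-based API specification,
# a custom not-after date, and the reissue/renew decision paths.
#
# NOTE(review): privatekey_passphrase and entrust_api_key are secrets. Supply
# them from vaulted vars or the CI secret store, never from committed files,
# and confirm the module masks them in logged output.
# NOTE(review): the API client key is read from
# '{{ tmpdir_path }}/api_files/key.pem'. How that file is created is not shown
# here; verify it is written with a restrictive mode and removed after the run.

# Specification is read from a local file, so this case does not depend on
# remotely hosted content.
- name: Have ECS generate a signed certificate for us using a local file path for the specification
  openssl_certificate:
    path: '{{ cert_path_localspec }}'
    privatekey_path: '{{ privatekey_path }}'
    privatekey_passphrase: '{{ privatekey_passphrase }}'
    csr_path: '{{ csr_path }}'
    provider: entrust
    entrust_requester_name: '{{ entrust_requester_name }}'
    entrust_requester_email: '{{ entrust_requester_email }}'
    entrust_requester_phone: '{{ entrust_requester_phone }}'
    entrust_cert_type: '{{ entrust_cert_type | default(omit) }}'
    entrust_api_user: '{{ entrust_api_user }}'
    entrust_api_key: '{{ entrust_api_key }}'
    entrust_api_client_cert_path: '{{ tmpdir_path }}/api_files/cert.pem'
    entrust_api_client_cert_key_path: '{{ tmpdir_path }}/api_files/key.pem'
    entrust_api_specification_path: '{{ tmpdir_path }}/api_files/api.yml'
  register: cert_result_success_localpath

# entrust_not_after is given as a relative offset ('+<days>d'); the resulting
# expiration date is checked outside this file.
- name: >-
    Have ECS generate a signed certificate for us to test a not after with
    specific date range (later python tests will verify expiration date)
  openssl_certificate:
    path: '{{ cert_path_not_after }}'
    privatekey_path: '{{ privatekey_path }}'
    privatekey_passphrase: '{{ privatekey_passphrase }}'
    csr_path: '{{ csr_path }}'
    provider: entrust
    entrust_requester_name: '{{ entrust_requester_name }}'
    entrust_requester_email: '{{ entrust_requester_email }}'
    entrust_requester_phone: '{{ entrust_requester_phone }}'
    entrust_not_after: '+{{ entrust_not_after_days }}d'
    entrust_cert_type: '{{ entrust_cert_type | default(omit) }}'
    entrust_api_user: '{{ entrust_api_user }}'
    entrust_api_key: '{{ entrust_api_key }}'
    entrust_api_client_cert_path: '{{ tmpdir_path }}/api_files/cert.pem'
    entrust_api_client_cert_key_path: '{{ tmpdir_path }}/api_files/key.pem'
  register: cert_result_success_not_after

# No entrust_api_specification_path: exercises whatever default the module uses.
- name: Have ECS generate a signed certificate for us when no spec path is specified
  openssl_certificate:
    path: '{{ cert_path_nospec }}'
    csr_path: '{{ csr_path }}'
    privatekey_path: '{{ privatekey_path }}'
    privatekey_passphrase: '{{ privatekey_passphrase }}'
    provider: entrust
    entrust_requester_name: '{{ entrust_requester_name }}'
    entrust_requester_email: '{{ entrust_requester_email }}'
    entrust_requester_phone: '{{ entrust_requester_phone }}'
    entrust_cert_type: '{{ entrust_cert_type | default(omit) }}'
    entrust_api_user: '{{ entrust_api_user }}'
    entrust_api_key: '{{ entrust_api_key }}'
    entrust_api_client_cert_path: '{{ tmpdir_path }}/api_files/cert.pem'
    entrust_api_client_cert_key_path: '{{ tmpdir_path }}/api_files/key.pem'
  register: cert_result_success_nopath

# "HTML path" in the task name refers to the HTTPS URL given below.
# NOTE(review): the specification is presumably fetched from this URL at run
# time and then drives the API client, so the run trusts whatever that host
# serves. Where reproducibility or tamper resistance matters, prefer a reviewed
# local copy as in the first task.
- name: Have ECS generate a signed certificate for us when HTML path specified
  openssl_certificate:
    path: '{{ cert_path }}'
    csr_path: '{{ csr_path }}'
    provider: entrust
    privatekey_path: '{{ privatekey_path }}'
    privatekey_passphrase: '{{ privatekey_passphrase }}'
    entrust_requester_name: '{{ entrust_requester_name }}'
    entrust_requester_email: '{{ entrust_requester_email }}'
    entrust_requester_phone: '{{ entrust_requester_phone }}'
    entrust_cert_type: '{{ entrust_cert_type | default(omit) }}'
    entrust_api_user: '{{ entrust_api_user }}'
    entrust_api_key: '{{ entrust_api_key }}'
    entrust_api_client_cert_path: '{{ tmpdir_path }}/api_files/cert.pem'
    entrust_api_client_cert_key_path: '{{ tmpdir_path }}/api_files/key.pem'
    entrust_api_specification_path: 'https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml'
  register: cert_result_localpath

# Verify that the cert will not be renewed if its expiration time is far
# enough away. We work on a copy so that the output can be tested later: if a
# renewal did happen, the file in cert_path would change and there would be
# nothing left to compare against.
- name: Copy the cert to attempt to renew and fail
  copy:
    src: '{{ cert_path }}'
    dest: '{{ cert_path_norenew }}'
    remote_src: true

- name: Attempt to perform a renew, but fail because cert isn't old enough
  openssl_certificate:
    path: '{{ cert_path_norenew }}'
    csr_path: '{{ csr_path }}'
    provider: entrust
    privatekey_path: '{{ privatekey_path }}'
    privatekey_passphrase: '{{ privatekey_passphrase }}'
    entrust_requester_name: '{{ entrust_requester_name }}'
    entrust_requester_email: '{{ entrust_requester_email }}'
    entrust_requester_phone: '{{ entrust_requester_phone }}'
    entrust_cert_type: '{{ entrust_cert_type | default(omit) }}'
    entrust_api_user: '{{ entrust_api_user }}'
    entrust_api_key: '{{ entrust_api_key }}'
    entrust_api_client_cert_path: '{{ tmpdir_path }}/api_files/cert.pem'
    entrust_api_client_cert_key_path: '{{ tmpdir_path }}/api_files/key.pem'
    entrust_api_specification_path: 'https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml'
    # 2592000 is 30 days if the unit is seconds; TODO confirm the unit.
    entrust_reissue_if_expires_in: 2592000
  register: cert_result_noop

# Verify that the cert will be renewed when its expiration falls inside the
# reissue window (the window is set very large below to force that).
- name: Copy the cert to attempt to renew and succeed
  copy:
    src: '{{ cert_path }}'
    dest: '{{ cert_path_renew }}'
    remote_src: true

- name: Attempt to perform a renew, but succeed
  openssl_certificate:
    path: '{{ cert_path_renew }}'
    csr_path: '{{ csr_path }}'
    privatekey_path: '{{ privatekey_path }}'
    privatekey_passphrase: '{{ privatekey_passphrase }}'
    provider: entrust
    entrust_requester_name: '{{ entrust_requester_name }}'
    entrust_requester_email: '{{ entrust_requester_email }}'
    entrust_requester_phone: '{{ entrust_requester_phone }}'
    entrust_cert_type: '{{ entrust_cert_type | default(omit) }}'
    entrust_api_user: '{{ entrust_api_user }}'
    entrust_api_key: '{{ entrust_api_key }}'
    entrust_api_client_cert_path: '{{ tmpdir_path }}/api_files/cert.pem'
    entrust_api_client_cert_key_path: '{{ tmpdir_path }}/api_files/key.pem'
    entrust_api_specification_path: 'https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml'
    entrust_reissue_if_expires_in: 99990000
  register: cert_result

# Verify that a new cert issuance takes place if the cert type changes
- name: Copy the cert to attempt to renew and succeed
  copy:
    src: '{{ cert_path_renew }}'
    dest: '{{ cert_path_renew_typechange }}'
    remote_src: true

# Here we want to do an openssl_certificate call on the previously
# successfully renewed cert.
# NOTE(review): this task registers cert_result again, overwriting the result
# of the renew task above. Any assertion on the renew outcome has to run before
# this task or use a distinct register name; confirm against the assertions.
- name: Attempt to perform a renew, and end up performing a 'new' because of a type change
  openssl_certificate:
    path: '{{ cert_path_renew_typechange }}'
    csr_path: '{{ csr_path }}'
    privatekey_path: '{{ privatekey_path }}'
    privatekey_passphrase: '{{ privatekey_passphrase }}'
    provider: entrust
    entrust_requester_name: '{{ entrust_requester_name }}'
    entrust_requester_email: '{{ entrust_requester_email }}'
    entrust_requester_phone: '{{ entrust_requester_phone }}'
    # Uses a different type variable than the tasks above to trigger the change.
    entrust_cert_type: '{{ entrust_cert_norenew_type | default(omit) }}'
    entrust_api_user: '{{ entrust_api_user }}'
    entrust_api_key: '{{ entrust_api_key }}'
    entrust_api_client_cert_path: '{{ tmpdir_path }}/api_files/cert.pem'
    entrust_api_client_cert_key_path: '{{ tmpdir_path }}/api_files/key.pem'
    entrust_api_specification_path: 'https://cloud.entrust.net/EntrustCloud/documentation/cms-api-2.1.0.yaml'
    # Tiny window: a reissue here is presumably driven by the type change, not
    # by expiry; confirm.
    entrust_reissue_if_expires_in: 10
  register: cert_result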