github.com/Venafi/vcert/v5@v5.10.2/aruba/features/playbook/playbook.feature

Feature: playbook

  As a user
  I want to issue certificates using playbook and perform installation

  Background:
    And the default aruba exit timeout is 180 seconds

  @TPP
  Scenario Outline: Run playbook for TPP with extended configuration with PEM, PKCS12 and JKS installations
    Given I have playbook with TPP connection details
    And I have playbook with certificateTasks block
    And I have playbook with task named "myCertificateInstallation"
    And task named "myCertificateInstallation" has setenvvars "thumbprint,serial"
    And task named "myCertificateInstallation" has renewBefore with value "31d"
    And task named "myCertificateInstallation" has request
    And task named "myCertificateInstallation" has request with "chain" value "root-first"
    And task named "myCertificateInstallation" has request with "csr" value "service"
    And task named "myCertificateInstallation" has request with "fields" value "custom="Foo",cfList="item1",cfListMulti="tier2|tier3|tier4""
    And task named "myCertificateInstallation" has request with "sanDns" value "test.com,test2.com"
    And task named "myCertificateInstallation" has request with "sanEmail" value "test@test.com,test2@test.com"
    And task named "myCertificateInstallation" has request with "fetchPrivateKey" value "true"
    And task named "myCertificateInstallation" has request with "sanIP" value "127.0.0.1,192.168.1.2"
    # m = Microsoft
    And task named "myCertificateInstallation" has request with "issuerHint" value "m"
    And task named "myCertificateInstallation" has request with "validDays" value "30"
    And task named "myCertificateInstallation" has request with "keyType" value "rsa"
    And task named "myCertificateInstallation" has request with "keySize" value "4096"
    # "origin" is the full name for adding to meta information to certificate request
    And task named "myCertificateInstallation" has request with "appInfo" value "Venafi VCert Playbook"
    And task named "myCertificateInstallation" has request with "sanUpn" value "test,test2"
    And task named "myCertificateInstallation" has request with "sanUri" value "uri.test.com,foo.venafi.com"
    And task named "myCertificateInstallation" has request with default "TPP" zone
    And task named "myCertificateInstallation" has request with Location instance "devops-instance", workload prefixed by "workload", tlsAddress "wwww.example.com:443" and replace "false"
    And task named "myCertificateInstallation" request has subject
    And task named "myCertificateInstallation" request has subject with "country" value "US"
    And task named "myCertificateInstallation" request has subject with "locality" value "Salt Lake City"
    And task named "myCertificateInstallation" request has subject with "state" value "Utah"
    And task named "myCertificateInstallation" request has subject with "organization" value "Venafi Inc"
    And task named "myCertificateInstallation" request has subject with "orgUnits" value "engineering,marketing"
    And task named "myCertificateInstallation" request has subject random CommonName
    And task named "myCertificateInstallation" has request with nickname based on commonName
    And task named "myCertificateInstallation" has installations
    And task named "myCertificateInstallation" has installation format PEM with file name "cert.cer", chain name "chain.cer", key name "key.pem" with password, installation, validation and uses backup
    And task named "myCertificateInstallation" has installation format JKS with cert name "cert.jks", jksAlias "venafi" and jksPassword "foobar123" with installation
    And task named "myCertificateInstallation" has installation format PKCS12 with cert name "cert.p12" and password "Passcode123!" with installation
    And I created playbook named "<config-file>" with previous content
    And I run `vcert run -f <config-file>`
    Then the output should contain "successfully executed after-install actions"
    And the output should contain "successfully executed installation validation actions"
    And the output should contain "playbook run finished"
    And a file named "cert.cer" should exist
    And a file named "chain.cer" should exist
    And a file named "key.pem" should exist
    And a file named "cert.jks" should exist
    And a file named "cert.jks" should exist
    And a file named "cert.p12" should exist
    And playbook generated private key in "key.pem" and certificate in "cert.cer" should have the same modulus with password Passcode123!
    And playbook generated "cert.p12" should be PKCS#12 archive with password "Passcode123!"
    And "cert.p12" should be PKCS#12 archive with password "Passcode123!"
    # And "cert.jks" should be jks archive with password "foobar123" # TODO: solve this case
    And I uninstall file named "cert.cer"
    And I uninstall file named "chain.cer"
    And I uninstall file named "key.pem"
    And I uninstall file named "cert.jks"
    And I uninstall file named "cert.p12"

    Examples:
      | config-file      |
      | playbook-tpp.yml |

  Scenario Outline: Run playbook with default configuration, perform simple PEM installation and validates private key
    Given I have playbook with <platform> connection details
    And I have playbook with certificateTasks block
    And I have playbook with task named "myCertificateInstallation"
    And task named "myCertificateInstallation" has renewBefore with value "31d"
    And task named "myCertificateInstallation" has request
    And task named "myCertificateInstallation" has request with "csr" value "local"
    And task named "myCertificateInstallation" has request with default "<platform>" zone
    And task named "myCertificateInstallation" request has subject
    And task named "myCertificateInstallation" request has subject with default values
    And task named "myCertificateInstallation" request has subject random CommonName
    And task named "myCertificateInstallation" has installations
    And task named "myCertificateInstallation" has installation format PEM with file name "c1.cer", chain name "ch1.cer", key name "k1.pem"
    And I created playbook named "<config-file>" with previous content
    And I run `vcert run -f <config-file>`
    Then the output should contain "successfully installed certificate"
    And the output should contain "playbook run finished"
    And a file named "c1.cer" should exist
    And a file named "ch1.cer" should exist
    And a file named "k1.pem" should exist
    And playbook generated private key in "k1.pem" and certificate in "c1.cer" should have the same modulus
    And "k1.pem" should not be encrypted "RSA" private key
    And "k1.pem" should be RSA private key with password ""
    And I uninstall file named "c1.cer"
    And I uninstall file named "ch1.cer"
    And I uninstall file named "k1.pem"


    @TPP
    Examples:
      | platform | config-file      |
      | TPP      | playbook-tpp.yml |

    @VAAS
    Examples:
      | platform | config-file       |
      | VaaS     | playbook-vaas.yml |

  Scenario Outline: Run playbook with default configuration, perform simple PEM installation and validates encrypted private key
    Given I have playbook with <platform> connection details
    And I have playbook with certificateTasks block
    And I have playbook with task named "myCertificateInstallation"
    And task named "myCertificateInstallation" has renewBefore with value "31d"
    And task named "myCertificateInstallation" has request
    And task named "myCertificateInstallation" has request with "csr" value "service"
    And task named "myCertificateInstallation" has request with default "<platform>" zone
    And task named "myCertificateInstallation" request has subject
    And task named "myCertificateInstallation" request has subject with default values
    And task named "myCertificateInstallation" request has subject random CommonName
    And task named "myCertificateInstallation" has installations
    And task named "myCertificateInstallation" has installation format PEM with file name "c1.cer", chain name "ch1.cer", key name "k1.pem" with password
    And I created playbook named "<config-file>" with previous content
    And I run `vcert run -f <config-file>`
    Then the output should contain "successfully installed certificate"
    And the output should contain "playbook run finished"
    And a file named "c1.cer" should exist
    And a file named "ch1.cer" should exist
    And a file named "k1.pem" should exist
    And playbook generated private key in "k1.pem" and certificate in "c1.cer" should have the same modulus with password Passcode123!
    And "k1.pem" should be encrypted "RSA" private key
    And "k1.pem" should be RSA private key with password "Passcode123!"
    And I uninstall file named "c1.cer"
    And I uninstall file named "ch1.cer"
    And I uninstall file named "k1.pem"

    @TPP
    Examples:
      | platform | config-file      |
      | TPP      | playbook-tpp.yml |

    @VAAS
    Examples:
      | platform | config-file       |
      | VaaS     | playbook-vaas.yml |

  Scenario Outline: Run playbook with default configuration with local generated, perform simple PEM installation and validates encrypted private key
    Given I have playbook with <platform> connection details
    And I have playbook with certificateTasks block
    And I have playbook with task named "myCertificateInstallation"
    And task named "myCertificateInstallation" has renewBefore with value "31d"
    And task named "myCertificateInstallation" has request
    And task named "myCertificateInstallation" has request with "csr" value "local"
    And task named "myCertificateInstallation" has request with default "<platform>" zone
    And task named "myCertificateInstallation" request has subject
    And task named "myCertificateInstallation" request has subject with default values
    And task named "myCertificateInstallation" request has subject random CommonName
    And task named "myCertificateInstallation" has installations
    And task named "myCertificateInstallation" has installation format PEM with file name "c1.cer", chain name "ch1.cer", key name "k1.pem" with password
    And I created playbook named "<config-file>" with previous content
    And I run `vcert run -f <config-file>`
    Then the output should contain "successfully installed certificate"
    And the output should contain "playbook run finished"
    And a file named "c1.cer" should exist
    And a file named "ch1.cer" should exist
    And a file named "k1.pem" should exist
    And playbook generated private key in "k1.pem" and certificate in "c1.cer" should have the same modulus with password Passcode123!
    And "k1.pem" should be encrypted "RSA" private key
    And "k1.pem" should be RSA private key with password "Passcode123!"
    And I uninstall file named "c1.cer"
    And I uninstall file named "ch1.cer"
    And I uninstall file named "k1.pem"

    @TPP
    Examples:
      | platform | config-file      |
      | TPP      | playbook-tpp.yml |

    @VAAS
    Examples:
      | platform | config-file       |
      | VaaS     | playbook-vaas.yml |

  # This scenario takes into account you are running a Zone that creates a cert with validity more than 31d
  Scenario Outline: Run playbook twice with default configuration, perform simple PEM installation. Should prevent second issue
    Given I have playbook with <platform> connection details
    And I have playbook with certificateTasks block
    And I have playbook with task named "myCertificateInstallation"
    And task named "myCertificateInstallation" has renewBefore with value "31d"
    And task named "myCertificateInstallation" has request
    And task named "myCertificateInstallation" has request with "csr" value "local"
    And task named "myCertificateInstallation" has request with default "<platform>" zone
    And task named "myCertificateInstallation" request has subject
    And task named "myCertificateInstallation" request has subject with default values
    And task named "myCertificateInstallation" request has subject random CommonName
    And task named "myCertificateInstallation" has installations
    And task named "myCertificateInstallation" has installation format PEM with file name "c1.cer", chain name "ch1.cer", key name "k1.pem"
    And I created playbook named "<config-file>" with previous content
    And I run `vcert run -f <config-file>`
    Then the output should contain "successfully installed certificate"
    And the output should contain "playbook run finished"
    And I run `vcert run -f <config-file>`
    Then the output should contain "certificate in good health. No actions needed"
    And the output should contain "playbook run finished"
    And a file named "c1.cer" should exist
    And a file named "ch1.cer" should exist
    And a file named "k1.pem" should exist
    And playbook generated private key in "k1.pem" and certificate in "c1.cer" should have the same modulus
    And "k1.pem" should not be encrypted "RSA" private key
    And "k1.pem" should be RSA private key with password ""
    And I uninstall file named "c1.cer"
    And I uninstall file named "ch1.cer"
    And I uninstall file named "k1.pem"

    @TPP
    Examples:
      | platform | config-file      |
      | TPP      | playbook-tpp.yml |

    @VAAS
    Examples:
      | platform | config-file       |
      | VaaS     | playbook-vaas.yml |

  Scenario Outline: Run playbook twice with default configuration, perform simple PEM installation. Should issue twice
    Given I have playbook with <platform> connection details
    And I have playbook with certificateTasks block
    And I have playbook with task named "myCertificateInstallation"
    And task named "myCertificateInstallation" has renewBefore with value "31d"
    And task named "myCertificateInstallation" has request
    And task named "myCertificateInstallation" has request with "csr" value "local"
    And task named "myCertificateInstallation" has request with "validDays" value "30"
    And task named "myCertificateInstallation" has request with "issuerHint" value "MICROSOFT"
    And task named "myCertificateInstallation" has request with default "<platform>" zone
    And task named "myCertificateInstallation" request has subject
    And task named "myCertificateInstallation" request has subject with default values
    And task named "myCertificateInstallation" request has subject random CommonName
    And task named "myCertificateInstallation" has installations
    And task named "myCertificateInstallation" has installation format PEM with file name "c1.cer", chain name "ch1.cer", key name "k1.pem"
    And I created playbook named "<config-file>" with previous content
    And I run `vcert run -f <config-file>`
    Then the output should contain "successfully installed certificate"
    And the output should contain "playbook run finished"
    And I run `vcert run -f <config-file>`
    Then the output should contain "successfully installed certificate"
    And the output should contain "playbook run finished"
    And a file named "c1.cer" should exist
    And a file named "ch1.cer" should exist
    And a file named "k1.pem" should exist
    And playbook generated private key in "k1.pem" and certificate in "c1.cer" should have the same modulus
    And "k1.pem" should not be encrypted "RSA" private key
    And "k1.pem" should be RSA private key with password ""
    And I uninstall file named "c1.cer"
    And I uninstall file named "ch1.cer"
    And I uninstall file named "k1.pem"

    @TPP
    Examples:
      | platform | config-file      |
      | TPP      | playbook-tpp.yml |

    @VAAS
    Examples:
      | platform | config-file       |
      | VaaS     | playbook-vaas.yml |

  # This scenario takes into account you are running a Zone that creates a cert with validity more than 31d
  Scenario Outline: Run playbook twice with default configuration and --force-renew flag, perform simple PEM installation. Should issue twice
    Given I have playbook with <platform> connection details
    And I have playbook with certificateTasks block
    And I have playbook with task named "myCertificateInstallation"
    And task named "myCertificateInstallation" has renewBefore with value "31d"
    And task named "myCertificateInstallation" has request
    And task named "myCertificateInstallation" has request with "csr" value "local"
    And task named "myCertificateInstallation" has request with default "<platform>" zone
    And task named "myCertificateInstallation" request has subject
    And task named "myCertificateInstallation" request has subject with default values
    And task named "myCertificateInstallation" request has subject random CommonName
    And task named "myCertificateInstallation" has installations
    And task named "myCertificateInstallation" has installation format PEM with file name "c1.cer", chain name "ch1.cer", key name "k1.pem"
    And I created playbook named "<config-file>" with previous content
    And I run `vcert run -f <config-file>`
    Then the output should contain "successfully installed certificate"
    And the output should contain "playbook run finished"
    And I run `vcert run -f <config-file> --force-renew`
    Then the output should contain "successfully installed certificate"
    And the output should contain "playbook run finished"
    And a file named "c1.cer" should exist
    And a file named "ch1.cer" should exist
    And a file named "k1.pem" should exist
    And playbook generated private key in "k1.pem" and certificate in "c1.cer" should have the same modulus
    And "k1.pem" should not be encrypted "RSA" private key
    And "k1.pem" should be RSA private key with password ""
    And I uninstall file named "c1.cer"
    And I uninstall file named "ch1.cer"
    And I uninstall file named "k1.pem"

    @TPP
    Examples:
      | platform | config-file      |
      | TPP      | playbook-tpp.yml |

    @VAAS
    Examples:
      | platform | config-file       |
      | VaaS     | playbook-vaas.yml |

  Scenario Outline: Run playbook with default configuration, perform two tasks, each one doing PEM and PKCS12 installations respectively
    Given I have playbook with <platform> connection details
    And I have playbook with certificateTasks block
    And I have playbook with task named "myCertificateInstallation"
    And task named "myCertificateInstallation" has renewBefore with value "31d"
    And task named "myCertificateInstallation" has request
    And task named "myCertificateInstallation" has request with "csr" value "service"
    And task named "myCertificateInstallation" has request with default "<platform>" zone
    And task named "myCertificateInstallation" request has subject
    And task named "myCertificateInstallation" request has subject with default values
    And task named "myCertificateInstallation" request has subject random CommonName
    And task named "myCertificateInstallation" has installations
    And task named "myCertificateInstallation" has installation format PEM with file name "c1.cer", chain name "ch1.cer", key name "k1.pem" with password
    And I have playbook with task named "myCertificateInstallationPKCS12"
    And task named "myCertificateInstallationPKCS12" has renewBefore with value "31d"
    And task named "myCertificateInstallationPKCS12" has request
    And task named "myCertificateInstallationPKCS12" has request with "csr" value "service"
    And task named "myCertificateInstallationPKCS12" has request with default "<platform>" zone
    And task named "myCertificateInstallationPKCS12" request has subject
    And task named "myCertificateInstallationPKCS12" request has subject with default values
    And task named "myCertificateInstallationPKCS12" request has subject random CommonName
    And task named "myCertificateInstallationPKCS12" has installations
    And task named "myCertificateInstallationPKCS12" has installation format PKCS12 with cert name "cert.p12" and password "Passcode124!" with validation
    And I created playbook named "<config-file>" with previous content
    And I run `vcert run -f <config-file>`
    Then the output should contain "successfully installed certificate"
    And the output should contain "playbook run finished"
    And a file named "c1.cer" should exist
    And a file named "ch1.cer" should exist
    And a file named "k1.pem" should exist
    And a file named "cert.p12" should exist
    And playbook generated private key in "k1.pem" and certificate in "c1.cer" should have the same modulus with password Passcode123!
    And "k1.pem" should be encrypted "RSA" private key
    And "k1.pem" should be RSA private key with password "Passcode123!"
    And playbook generated "cert.p12" should be PKCS#12 archive with password "Passcode124!"
    And I uninstall file named "c1.cer"
    And I uninstall file named "ch1.cer"
    And I uninstall file named "k1.pem"
    And I uninstall file named "cert.p12"

    @TPP
    Examples:
      | platform | config-file      |
      | TPP      | playbook-tpp.yml |

    @VAAS
    Examples:
      | platform | config-file       |
      | VaaS     | playbook-vaas.yml |

  Scenario Outline: Run playbook with default configuration and performs PEM installation using service generated ECDSA private keys
    Given I have playbook with <platform> connection details
    And I have playbook with certificateTasks block
    And I have playbook with task named "myCertificateInstallation"
    And task named "myCertificateInstallation" has renewBefore with value "31d"
    And task named "myCertificateInstallation" has request
    And task named "myCertificateInstallation" has request with "csr" value "service"
    And task named "myCertificateInstallation" has request with "keyType" value "ECDSA"
    And task named "myCertificateInstallation" has request with "keyCurve" value "P521"
    And task named "myCertificateInstallation" has request with default Elliptic Curve "<platform>" zone
    And task named "myCertificateInstallation" request has subject
    And task named "myCertificateInstallation" request has subject with default values
    And task named "myCertificateInstallation" request has subject random CommonName with random site name and fixed Domain Name "vfidev.com"
    And task named "myCertificateInstallation" has installations
    And task named "myCertificateInstallation" has installation format PEM with file name "c1.cer", chain name "ch1.cer", key name "k1.pem"
    And I created playbook named "<config-file>" with previous content
    And I run `vcert run -f <config-file>`
    Then the output should contain "successfully installed certificate"
    And the output should contain "playbook run finished"
    And a file named "c1.cer" should exist
    And a file named "ch1.cer" should exist
    And a file named "k1.pem" should exist
    And "k1.pem" should not be encrypted "ECDSA" private key
    And I uninstall file named "c1.cer"
    And I uninstall file named "ch1.cer"
    And I uninstall file named "k1.pem"

    @TPP
    Examples:
      | platform | config-file      |
      | TPP      | playbook-tpp.yml |

    @VAAS
    Examples:
      | platform | config-file       |
      | VaaS     | playbook-vaas.yml |

  Scenario Outline: Run playbook with default configuration and performs PEM installation using service generated encrypted ECDSA private keys
    Given I have playbook with <platform> connection details
    And I have playbook with certificateTasks block
    And I have playbook with task named "myCertificateInstallation"
    And task named "myCertificateInstallation" has renewBefore with value "31d"
    And task named "myCertificateInstallation" has request
    And task named "myCertificateInstallation" has request with "csr" value "service"
    And task named "myCertificateInstallation" has request with "keyType" value "ECDSA"
    And task named "myCertificateInstallation" has request with "keyCurve" value "P521"
    And task named "myCertificateInstallation" has request with default Elliptic Curve "<platform>" zone
    And task named "myCertificateInstallation" request has subject
    And task named "myCertificateInstallation" request has subject with default values
    And task named "myCertificateInstallation" request has subject random CommonName with random site name and fixed Domain Name "vfidev.com"
    And task named "myCertificateInstallation" has installations
    And task named "myCertificateInstallation" has installation format PEM with file name "c1.cer", chain name "ch1.cer", key name "k1.pem" with password
    And I created playbook named "<config-file>" with previous content
    And I run `vcert run -f <config-file>`
    Then the output should contain "successfully installed certificate"
    And the output should contain "playbook run finished"
    And a file named "c1.cer" should exist
    And a file named "ch1.cer" should exist
    And a file named "k1.pem" should exist
    And "k1.pem" should be encrypted "ECDSA" private key
    And I uninstall file named "c1.cer"
    And I uninstall file named "ch1.cer"
    And I uninstall file named "k1.pem"

    @TPP
    Examples:
      | platform | config-file      |
      | TPP      | playbook-tpp.yml |

    @VAAS
    Examples:
      | platform | config-file       |
      | VaaS     | playbook-vaas.yml |

  Scenario Outline: Run playbook with default configuration and performs pkcs12 installation using legacy flag
    Given I have playbook with <platform> connection details
    And I have playbook with certificateTasks block
    And I have playbook with task named "myCertificateInstallationLegacyPKCS12"
    And task named "myCertificateInstallationLegacyPKCS12" has renewBefore with value "31d"
    And task named "myCertificateInstallationLegacyPKCS12" has request
    And task named "myCertificateInstallationLegacyPKCS12" has request with "csr" value "service"
    And task named "myCertificateInstallationLegacyPKCS12" has request with default "<platform>" zone
    And task named "myCertificateInstallationLegacyPKCS12" request has subject
    And task named "myCertificateInstallationLegacyPKCS12" request has subject with default values
    And task named "myCertificateInstallationLegacyPKCS12" request has subject random CommonName
    And task named "myCertificateInstallationLegacyPKCS12" has installations
    And task named "myCertificateInstallationLegacyPKCS12" has installation format PKCS12 with cert name "cert.p12" and password "Passcode124!" and useLegacyP12 with validation
    And I created playbook named "<config-file>" with previous content
    And I run `vcert run -f <config-file>`
    Then the output should contain "successfully installed certificate"
    And the output should contain "playbook run finished"
    And "cert.p12" should be PKCS#12 archive in legacy mode with password "Passcode124!"
    And I uninstall file named "cert.p12"


    @TPP
    Examples:
      | platform | config-file      |
      | TPP      | playbook-tpp.yml |

    @VAAS
    Examples:
      | platform | config-file       |
      | VaaS     | playbook-vaas.yml |