adding test playbooks back
Signed-off-by: Andrew Nguyen <[email protected]>
adn1107 committed Dec 4, 2024
1 parent b90958d commit f76974c
Showing 2 changed files with 132 additions and 0 deletions.
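--- a/ibm_concert/cert_renewal/create_USER_cert.yml
+++ b/ibm_concert/cert_renewal/create_USER_cert.yml
@@ -0,0 +1,82 @@
+###############################################################################
+# © Copyright IBM Corporation 2024
+###############################################################################
+
+- hosts: all
+collections:
+- ibm.ibm_zos_core
+gather_facts: false
+environment: "{{ environment_vars }}"
+vars:
+owner_id: 'STCUSR'
+cert_label: 'concertCertificateTest'
+sign_label: 'IBM CA'
+cn: 'share.centers.ihost.com:19999'
+altname: 'IP(192.148.8.225)'
+ou: 'Concert for Z'
+country: 'US'
+expiry_date: '2024-11-08'
+expiry_time: '10:06:00' # UTC time
+keyring: 'Keyring.CONCERT'
+check_name: 'IBMRACF,RACF_CERTIFICATE_EXPIRATION'
+
+tasks:
+- block:
+- name: Clean up certs and keyring
+ibm.ibm_zos_core.zos_tso_command:
+commands:
+- RACDCERT ADDRING({{keyring}}) ID({{owner_id}})
+- RACDCERT LISTRING({{keyring}}) ID({{ owner_id}})
+register: tso_cmd_output
+ignore_errors: true
+
+- name: Create new self-signed USER cert and connect to keyring
+ibm.ibm_zos_core.zos_tso_command:
+commands:
+- RACDCERT GENCERT ID({{owner_id}}) SUBJECTSDN(CN('{{cn}}') OU('{{ou}}') C('{{country}}')) WITHLABEL('{{cert_label}}') NOTAFTER(DATE({{expiry_date}}) TIME({{expiry_time}}) ) ALTNAME({{altname}})
+- RACDCERT ID({{owner_id}}) CONNECT(LABEL('{{cert_label}}') RING({{keyring}}) DEFAULT)
+- RACDCERT LISTRING({{keyring}}) ID({{owner_id}})
+- RACDCERT ID({{owner_id}}) ALTER(LABEL('{{cert_label}}')) TRUST
+- RACDCERT LISTCHAIN(LABEL('{{cert_label}}')) ID({{owner_id}})
+when: sign_label == ' ' and not expiry_date == ''
+register: tso_cmd_output
+
+- name: Create new local-CA-signed USER cert and connect to keyring
+ibm.ibm_zos_core.zos_tso_command:
+commands:
+- RACDCERT GENCERT ID({{owner_id}}) SUBJECTSDN(CN('{{cn}}') OU('{{ou}}') C('{{country}}')) WITHLABEL('{{cert_label}}') SIGNWITH(CERTAUTH LABEL('{{sign_label}}')) NOTAFTER(DATE({{expiry_date}}) TIME({{expiry_time}}) ) ALTNAME({{altname}})
+- RACDCERT ID({{owner_id}}) CONNECT(LABEL('{{cert_label}}') RING({{keyring}}) DEFAULT)
+- RACDCERT LISTRING({{keyring}}) ID({{owner_id}})
+- RACDCERT ID({{owner_id}}) ALTER(LABEL('{{cert_label}}')) TRUST
+- RACDCERT LISTCHAIN(LABEL('{{cert_label}}')) ID({{owner_id}})
+when: not sign_label == ' ' and not expiry_date == ''
+register: tso_cmd_output
+
+- name: Create new self-signed USER cert and connect to keyring
+ibm.ibm_zos_core.zos_tso_command:
+commands:
+- RACDCERT GENCERT ID({{owner_id}}) SUBJECTSDN(CN('{{cn}}') OU('{{ou}}') C('{{country}}')) WITHLABEL('{{cert_label}}') ALTNAME({{altname}})
+- RACDCERT ID({{owner_id}}) CONNECT(LABEL('{{cert_label}}') RING({{keyring}}) DEFAULT)
+- RACDCERT LISTRING({{keyring}}) ID({{owner_id}})
+- RACDCERT ID({{owner_id}}) ALTER(LABEL('{{cert_label}}')) TRUST
+- RACDCERT LISTCHAIN(LABEL('{{cert_label}}')) ID({{owner_id}})
+when: sign_label == ' ' and expiry_date == ''
+register: tso_cmd_output
+
+- name: Create new local-CA-signed USER cert and connect to keyring
+ibm.ibm_zos_core.zos_tso_command:
+commands:
+- RACDCERT GENCERT ID({{owner_id}}) SUBJECTSDN(CN('{{cn}}') OU('{{ou}}') C('{{country}}')) WITHLABEL('{{cert_label}}') SIGNWITH(CERTAUTH LABEL('{{sign_label}}')) ALTNAME({{altname}})
+- RACDCERT ID({{owner_id}}) CONNECT(LABEL('{{cert_label}}') RING({{keyring}}) DEFAULT)
+- RACDCERT LISTRING({{keyring}}) ID({{owner_id}})
+- RACDCERT ID({{owner_id}}) ALTER(LABEL('{{cert_label}}')) TRUST
+- RACDCERT LISTCHAIN (LABEL('{{cert_label}}')) ID({{owner_id}})
+when: not sign_label == ' ' and expiry_date == ''
+register: tso_cmd_output
+
+- name: List keyring
+ibm.ibm_zos_core.zos_tso_command:
+commands:
+- RACDCERT LISTRING({{keyring}}) ID({{ owner_id}})
+ignore_errors: true
+register: tso_cmd_output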
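Review bot: The four GENCERT tasks select the self-signed path with `sign_label == ' '` (a single space) while the expiry test uses `''`, so an empty `sign_label` falls through to the CA-signed tasks and issues `SIGNWITH(CERTAUTH LABEL(''))`. Comparing the trimmed value, e.g. `when: (sign_label | trim) == '' and expiry_date != ''` with the matching negations on the other three tasks, gives both variables the same "unset" convention. The first task is named "Clean up certs and keyring" but runs `RACDCERT ADDRING` under `ignore_errors: true`, so a failed ring creation stays hidden until the later CONNECT; a name such as `Create keyring if missing` and a `failed_when` that tolerates only the already-exists case would be clearer. The play variables are also substituted into the TSO command text as-is, so if they are ever supplied from outside this file they should be checked against the expected character set before the commands run.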
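--- a/ibm_concert/cert_renewal/delete_cert.yml
+++ b/ibm_concert/cert_renewal/delete_cert.yml
@@ -0,0 +1,50 @@
+###############################################################################
+# © Copyright IBM Corporation 2024
+###############################################################################
+
+- hosts: all
+collections:
+- ibm.ibm_zos_core
+gather_facts: false
+environment: "{{ environment_vars }}"
+vars:
+owner_id: 'STCUSR'
+cert_type: 'USER'
+cert_label: 'concertCertificateTest'
+keyring: 'Keyring.CONCERT'
+
+check_name: 'IBMRACF,RACF_CERTIFICATE_EXPIRATION'
+
+tasks:
+- name: Deleting cert {{cert_label}}
+ibm.ibm_zos_core.zos_tso_command:
+commands:
+- RACDCERT ID({{ owner_id}}) DELETE(LABEL('{{cert_label}}'))
+when: cert_type == 'USER'
+register: tso_cmd_output
+
+- name: Deleting cert {{cert_label}}
+ibm.ibm_zos_core.zos_tso_command:
+commands:
+- RACDCERT CERTAUTH DELETE(LABEL('{{cert_label}}'))
+when: cert_type == 'CERTAUTH'
+register: tso_cmd_output
+
+- name: Deleting cert {{cert_label}}
+ibm.ibm_zos_core.zos_tso_command:
+commands:
+- RACDCERT SITE DELETE(LABEL('{{cert_label}}'))
+when: cert_type == 'SITE'
+register: tso_cmd_output
+
+- name: Issue setropts refresh
+tags: refresh
+ibm.ibm_zos_core.zos_tso_command:
+commands: SETROPTS RACLIST(DIGTCERT) REFRESH
+
+- name: Display keyring
+ibm.ibm_zos_core.zos_tso_command:
+commands:
+- RACDCERT LISTRING({{keyring}}) ID({{ owner_id}})
+ignore_errors: true
+register: tso_cmd_output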
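Review bot: None of the three delete tasks runs when `cert_type` is anything other than exactly `USER`, `CERTAUTH` or `SITE`, yet the `SETROPTS RACLIST(DIGTCERT) REFRESH` and the keyring listing still execute, so the play ends green with the certificate still in place. An up-front `ansible.builtin.assert` with `that: cert_type in ['USER', 'CERTAUTH', 'SITE']` would stop the run on a typo or a lower-case value. The three tasks also share the name `Deleting cert {{cert_label}}` and all register into `tso_cmd_output`, which the skipped tasks and the final listing overwrite, so the delete result is not available afterwards. Distinct names (for example `Delete USER cert {{ cert_label }}`) and a separate register variable for the delete step would keep the run log auditable.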
