Allowing to force account URI. (#44282)
parent
6caf0e8149
commit
cfba02bc3b
8 changed files with 40 additions and 1 deletions
|
@ -514,7 +514,9 @@ class ACMEAccount(object):
|
||||||
self.key_content = module.params['account_key_content']
|
self.key_content = module.params['account_key_content']
|
||||||
self.directory = ACMEDirectory(module)
|
self.directory = ACMEDirectory(module)
|
||||||
|
|
||||||
self.uri = None
|
# Grab account URI from module parameters.
|
||||||
|
# Make sure empty string is treated as None.
|
||||||
|
self.uri = module.params.get('account_uri') or None
|
||||||
|
|
||||||
self._openssl_bin = module.get_bin_path('openssl', True)
|
self._openssl_bin = module.get_bin_path('openssl', True)
|
||||||
|
|
||||||
|
@ -527,6 +529,9 @@ class ACMEAccount(object):
|
||||||
"alg": self.key_data['alg'],
|
"alg": self.key_data['alg'],
|
||||||
"jwk": self.jwk,
|
"jwk": self.jwk,
|
||||||
}
|
}
|
||||||
|
if self.uri:
|
||||||
|
# Make sure self.jws_header is updated
|
||||||
|
self.set_account_uri(self.uri)
|
||||||
|
|
||||||
def get_keyauthorization(self, token):
|
def get_keyauthorization(self, token):
|
||||||
'''
|
'''
|
||||||
|
@ -709,6 +714,10 @@ class ACMEAccount(object):
|
||||||
changed = False
|
changed = False
|
||||||
if self.uri is not None:
|
if self.uri is not None:
|
||||||
new_account = False
|
new_account = False
|
||||||
|
if not update_contact:
|
||||||
|
# Verify that the account key belongs to the URI.
|
||||||
|
# (If update_contact is True, this will be done below.)
|
||||||
|
self.get_account_data()
|
||||||
else:
|
else:
|
||||||
new_account = self._new_reg(
|
new_account = self._new_reg(
|
||||||
contact,
|
contact,
|
||||||
|
|
|
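Review bot: In the third hunk the result of `self.get_account_data()` is discarded, so the "Verify that the account key belongs to the URI" step only works if that method raises on every mismatch. Its body is not part of this diff; if it can return None or an empty result for some server replies (an unauthorized response, for example), a wrong `account_uri` would be accepted silently and later requests would be signed with a key identifier the key does not own. Consider checking the result explicitly, e.g. `if self.get_account_data() is None:` followed by a module failure that names the URI. The enclosing method starts and ends outside the hunk.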
@ -127,6 +127,7 @@ def main():
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
account_key_src=dict(type='path', aliases=['account_key']),
|
account_key_src=dict(type='path', aliases=['account_key']),
|
||||||
account_key_content=dict(type='str', no_log=True),
|
account_key_content=dict(type='str', no_log=True),
|
||||||
|
account_uri=dict(required=False, type='str'),
|
||||||
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'),
|
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'),
|
||||||
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'),
|
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'),
|
||||||
validate_certs=dict(required=False, default=True, type='bool'),
|
validate_certs=dict(required=False, default=True, type='bool'),
|
||||||
|
|
|
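Review bot: `account_uri=dict(required=False, type='str')` accepts any string, and nothing visible in this commit checks its form before the constructor stores it and passes it to `set_account_uri()`. The value presumably becomes the JWS key identifier and the URL that account requests are sent to, so a mistyped or externally supplied value decides where signed requests go. At minimum I would add a comment next to the option, `# used as-is: must be the account URL returned by the server behind acme_directory`, and consider rejecting values that are not absolute https URLs. The same one-line addition appears in the two other `main()` hunks (`@ -869` and `@ -95`), and `main()` continues outside each hunk.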
@ -869,6 +869,7 @@ def main():
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
account_key_src=dict(type='path', aliases=['account_key']),
|
account_key_src=dict(type='path', aliases=['account_key']),
|
||||||
account_key_content=dict(type='str', no_log=True),
|
account_key_content=dict(type='str', no_log=True),
|
||||||
|
account_uri=dict(required=False, type='str'),
|
||||||
modify_account=dict(required=False, type='bool', default=True),
|
modify_account=dict(required=False, type='bool', default=True),
|
||||||
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'),
|
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'),
|
||||||
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'),
|
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'),
|
||||||
|
|
|
@ -95,6 +95,7 @@ def main():
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
account_key_src=dict(type='path', aliases=['account_key']),
|
account_key_src=dict(type='path', aliases=['account_key']),
|
||||||
account_key_content=dict(type='str', no_log=True),
|
account_key_content=dict(type='str', no_log=True),
|
||||||
|
account_uri=dict(required=False, type='str'),
|
||||||
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'),
|
acme_directory=dict(required=False, default='https://acme-staging.api.letsencrypt.org/directory', type='str'),
|
||||||
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'),
|
acme_version=dict(required=False, default=1, choices=[1, 2], type='int'),
|
||||||
validate_certs=dict(required=False, default=True, type='bool'),
|
validate_certs=dict(required=False, default=True, type='bool'),
|
||||||
|
|
|
@ -46,6 +46,12 @@ options:
|
||||||
Ansible in the process of moving the module with its argument to
|
Ansible in the process of moving the module with its argument to
|
||||||
the node where it is executed."
|
the node where it is executed."
|
||||||
version_added: "2.5"
|
version_added: "2.5"
|
||||||
|
account_uri:
|
||||||
|
description:
|
||||||
|
- "If specified, assumes that the account URI is as given. If the
|
||||||
|
account key does not match this account, or an account with this
|
||||||
|
URI does not exist, the module fails."
|
||||||
|
version_added: "2.7"
|
||||||
acme_version:
|
acme_version:
|
||||||
description:
|
description:
|
||||||
- "The ACME version of the endpoint."
|
- "The ACME version of the endpoint."
|
||||||
|
|
|
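Review bot: The `account_uri` description does not say that an empty string is treated as if the option were not set, although the constructor hunk does exactly that with `module.params.get('account_uri') or None`. A templated value that renders empty therefore takes the `else` branch with `self._new_reg(...)` instead of failing, which a reader relying on "the module fails" as a pin would not expect. I would add a sentence such as `- "An empty string is treated the same as not specifying this option."` and mention that the value should be the `account_uri` returned by an earlier run of the module.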
@ -47,6 +47,7 @@
|
||||||
acme_account:
|
acme_account:
|
||||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||||
account_key_src: "{{ output_dir }}/accountkey.pem"
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
||||||
|
account_uri: "{{ account_created.account_uri }}"
|
||||||
acme_version: 2
|
acme_version: 2
|
||||||
acme_directory: https://{{ acme_host }}:14000/dir
|
acme_directory: https://{{ acme_host }}:14000/dir
|
||||||
validate_certs: no
|
validate_certs: no
|
||||||
|
@ -56,6 +57,19 @@
|
||||||
- mailto:example@example.com
|
- mailto:example@example.com
|
||||||
register: account_modified_idempotent
|
register: account_modified_idempotent
|
||||||
|
|
||||||
|
- name: Cannot access account with wrong URI
|
||||||
|
acme_account:
|
||||||
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||||
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
||||||
|
account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}"
|
||||||
|
acme_version: 2
|
||||||
|
acme_directory: https://{{ acme_host }}:14000/dir
|
||||||
|
validate_certs: no
|
||||||
|
state: present
|
||||||
|
contact: []
|
||||||
|
ignore_errors: yes
|
||||||
|
register: account_modified_wrong_uri
|
||||||
|
|
||||||
- name: Clear contact email addresses
|
- name: Clear contact email addresses
|
||||||
acme_account:
|
acme_account:
|
||||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||||
|
|
|
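Review bot: The new task "Cannot access account with wrong URI" only covers a URI that does not exist; the other case the option documentation promises, an existing account URI used with a key that does not belong to it, is not exercised. That is the security-relevant path, so a second task that presents a different account key against `account_created.account_uri`, with `ignore_errors: yes` and its own `register:`, would be worth adding. It is also not clear from the diff whether `contact: []` reaches the `if not update_contact:` branch added in the module; a variant that changes no contacts would cover it.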
@ -22,6 +22,11 @@
|
||||||
- account_modified_idempotent is not changed
|
- account_modified_idempotent is not changed
|
||||||
- account_modified_idempotent.account_uri is not none
|
- account_modified_idempotent.account_uri is not none
|
||||||
|
|
||||||
|
- name: Make sure that with the wrong account URI, the account cannot be changed
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- account_modified_wrong_uri is failed
|
||||||
|
|
||||||
- name: Validate that email address was cleared
|
- name: Validate that email address was cleared
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
|
|
|
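Review bot: `account_modified_wrong_uri is failed` is satisfied by any failure, including an unreachable test server or an unreadable key file, so it does not show that the URI check is what rejected the request. I would add a second condition on the failure text, along the lines of `- "'account' in account_modified_wrong_uri.msg"`; the exact substring depends on the module's error message, which is not shown in this diff.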
@ -103,6 +103,7 @@
|
||||||
acme_directory: https://{{ acme_host }}:14000/dir
|
acme_directory: https://{{ acme_host }}:14000/dir
|
||||||
validate_certs: no
|
validate_certs: no
|
||||||
account_key: "{{ output_dir }}/{{ account_key }}.pem"
|
account_key: "{{ output_dir }}/{{ account_key }}.pem"
|
||||||
|
account_uri: "{{ challenge_data.account_uri }}"
|
||||||
modify_account: "{{ modify_account }}"
|
modify_account: "{{ modify_account }}"
|
||||||
csr: "{{ output_dir }}/{{ certificate_name }}.csr"
|
csr: "{{ output_dir }}/{{ certificate_name }}.csr"
|
||||||
dest: "{{ output_dir }}/{{ certificate_name }}.pem"
|
dest: "{{ output_dir }}/{{ certificate_name }}.pem"
|
||||||
|
@ -123,6 +124,7 @@
|
||||||
acme_directory: https://{{ acme_host }}:14000/dir
|
acme_directory: https://{{ acme_host }}:14000/dir
|
||||||
validate_certs: no
|
validate_certs: no
|
||||||
account_key_content: "{{ account_key_content }}"
|
account_key_content: "{{ account_key_content }}"
|
||||||
|
account_uri: "{{ challenge_data.account_uri }}"
|
||||||
modify_account: "{{ modify_account }}"
|
modify_account: "{{ modify_account }}"
|
||||||
csr: "{{ output_dir }}/{{ certificate_name }}.csr"
|
csr: "{{ output_dir }}/{{ certificate_name }}.csr"
|
||||||
dest: "{{ output_dir }}/{{ certificate_name }}.pem"
|
dest: "{{ output_dir }}/{{ certificate_name }}.pem"
|
||||||
|
|