ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity
community.general/test/integration/targets/acme_account/tasks/impl.yml
Felix Fontein aef16ee195 ACME: use Cryptography (if a new enough version is available) instead of OpenSSL (#42170) 
* Collecting PEM -> DER conversions.

* Using cryptography instead of OpenSSL binary in some situations.

* Moving key-to-disk writing for key content to parse_account_key.

* Rename parse_account_key -> parse_key.

* Move OpenSSL specific code for key parsing and request signing into global functions.

* Also using cryptography for key parsing and request signing.

* Remove assert statements.

* Fixing handling of key contents for cryptography code path.

* Allow to disable the use of cryptography.

* Updating documentation.

* 1.5 seems to work as well (earlier versions don't have EC sign function). Making Python 2.x adjustments.

* Changing option to select_crypto_backend.

* Python 2.6 compatibility.

* Trying to test both backends separately for acme_account.

* Also testing both backends separately for acme_certificate and acme_certificate_revoke.

* Adding changelog entry which informs about select_crypto_backend option in case autodetect fails.

* Fixing YAML.
2018-08-12 19:12:01 +02:00

157 lines
5 KiB
YAML
Raw Blame History

- name: Generate account key
command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/accountkey.pem
- name: Parse account key (to ease debugging some test failures)
command: openssl ec -in {{ output_dir }}/accountkey.pem -noout -text
- name: Do not try to create account
acme_account:
select_crypto_backend: "{{ select_crypto_backend }}"
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: present
allow_creation: no
ignore_errors: yes
register: account_not_created
- name: Create it now
acme_account:
select_crypto_backend: "{{ select_crypto_backend }}"
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: present
allow_creation: yes
terms_agreed: yes
contact:
- mailto:example@example.org
register: account_created
- name: Change email address
acme_account:
select_crypto_backend: "{{ select_crypto_backend }}"
account_key_content: "{{ lookup('file', output_dir ~ '/accountkey.pem') }}"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: present
# allow_creation: no
contact:
- mailto:example@example.com
register: account_modified
- name: Change email address (idempotent)
acme_account:
select_crypto_backend: "{{ select_crypto_backend }}"
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: present
# allow_creation: no
contact:
- mailto:example@example.com
register: account_modified_idempotent
- name: Generate new account key
command: openssl ecparam -name secp384r1 -genkey -out {{ output_dir }}/accountkey2.pem
- name: Parse account key (to ease debugging some test failures)
command: openssl ec -in {{ output_dir }}/accountkey2.pem -noout -text
# Note that pebble has no change key endpoint implemented yet!
# When it has (and the container was updated), uncomment the
# uncomment the following tests, and delete the ones below the
# out-commented ones.
# - name: Change account key
# acme_account:
# select_crypto_backend: "{{ select_crypto_backend }}"
# account_key_src: "{{ output_dir }}/accountkey.pem"
# acme_version: 2
# acme_directory: https://{{ acme_host }}:14000/dir
# validate_certs: no
# new_account_key_src: "{{ output_dir }}/accountkey2.pem"
# state: changed_key
# contact:
# - mailto:example@example.com
# register: account_change_key
# - name: Deactivate account
# acme_account:
# select_crypto_backend: "{{ select_crypto_backend }}"
# account_key_src: "{{ output_dir }}/accountkey2.pem"
# acme_version: 2
# acme_directory: https://{{ acme_host }}:14000/dir
# validate_certs: no
# state: absent
# register: account_deactivate
# - name: Deactivate account (idempotent)
# acme_account:
# select_crypto_backend: "{{ select_crypto_backend }}"
# account_key_src: "{{ output_dir }}/accountkey2.pem"
# acme_version: 2
# acme_directory: https://{{ acme_host }}:14000/dir
# validate_certs: no
# state: absent
# register: account_deactivate_idempotent
# - name: Do not try to create account II
# acme_account:
# select_crypto_backend: "{{ select_crypto_backend }}"
# account_key_src: "{{ output_dir }}/accountkey2.pem"
# acme_version: 2
# acme_directory: https://{{ acme_host }}:14000/dir
# validate_certs: no
# state: present
# allow_creation: no
# ignore_errors: yes
# register: account_not_created_2
# - name: Do not try to create account III
# acme_account:
# select_crypto_backend: "{{ select_crypto_backend }}"
# account_key_src: "{{ output_dir }}/accountkey.pem"
# acme_version: 2
# acme_directory: https://{{ acme_host }}:14000/dir
# validate_certs: no
# state: present
# allow_creation: no
# ignore_errors: yes
# register: account_not_created_3
- name: Deactivate account
acme_account:
select_crypto_backend: "{{ select_crypto_backend }}"
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: absent
register: account_deactivate
- name: Deactivate account (idempotent)
acme_account:
select_crypto_backend: "{{ select_crypto_backend }}"
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: absent
register: account_deactivate_idempotent
- name: Do not try to create account II
acme_account:
select_crypto_backend: "{{ select_crypto_backend }}"
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://{{ acme_host }}:14000/dir
validate_certs: no
state: present
allow_creation: no
ignore_errors: yes
register: account_not_created_2
View git blame Copy permalink