New acme_account_facts module. (#44301)

2025-07-25 06:10:22 -07:00 · 2018-08-17 15:32:09 +02:00 · 2018-08-17 15:32:09 +02:00 · a99cfc1814
commit a99cfc1814
parent bc4f7abe96
7 changed files with 321 additions and 4 deletions
--- a/lib/ansible/module_utils/acme.py
+++ b/lib/ansible/module_utils/acme.py
@ -681,13 +681,17 @@ class ACMEAccount(object):
        if self.version == 1:
            data['resource'] = 'reg'
        result, info = self.send_signed_request(self.uri, data)
-        if info['status'] == 403 and result.get('type') == 'urn:ietf:params:acme:error:unauthorized':
+        if info['status'] in (400, 403) and result.get('type') == 'urn:ietf:params:acme:error:unauthorized':
+            # Returned when account is deactivated
+            return None
+        if info['status'] in (400, 404) and result.get('type') == 'urn:ietf:params:acme:error:accountDoesNotExist':
+            # Returned when account does not exist
            return None
        if info['status'] < 200 or info['status'] >= 300:
            raise ModuleFailException("Error getting account data from {2}: {0} {1}".format(info['status'], result, self.uri))
        return result

-    def init_account(self, contact, agreement=None, terms_agreed=False, allow_creation=True, update_contact=True):
+    def init_account(self, contact, agreement=None, terms_agreed=False, allow_creation=True, update_contact=True, remove_account_uri_if_not_exists=False):
        '''
        Create or update an account on the ACME server. For ACME v1,
        as the only way (without knowing an account URI) to test if an
@ -717,7 +721,11 @@ class ACMEAccount(object):
            if not update_contact:
                # Verify that the account key belongs to the URI.
                # (If update_contact is True, this will be done below.)
-                self.get_account_data()
+                if self.get_account_data() is None:
+                    if remove_account_uri_if_not_exists and not allow_creation:
+                        self.uri = None
+                        return False
+                    raise ModuleFailException("Account is deactivated or does not exist!")
        else:
            new_account = self._new_reg(
                contact,
@ -733,7 +741,7 @@ class ACMEAccount(object):
                if not allow_creation:
                    self.uri = None
                    return False
-                raise ModuleFailException("Account is deactivated!")
+                raise ModuleFailException("Account is deactivated or does not exist!")

            # ...and check if update is necessary
            if result.get('contact', []) != contact: