New acme_account_facts module. (#44301)

test/integration/targets/acme_account_facts/aliases

@@ -0,0 +1,2 @@
+shippable/cloud/group1
+cloud/acme

test/integration/targets/acme_account_facts/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - setup_acme

test/integration/targets/acme_account_facts/tasks/impl.yml

@@ -0,0 +1,82 @@
+---
+- name: Generate account key
+  command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/accountkey.pem
+
+- name: Generate second account key
+  command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/accountkey2.pem
+
+- name: Parse account key (to ease debugging some test failures)
+  command: openssl ec -in {{ output_dir }}/accountkey.pem -noout -text
+
+- name: Check that account does not exist
+  acme_account_facts:
+    select_crypto_backend: "{{ select_crypto_backend }}"
+    account_key_src: "{{ output_dir }}/accountkey.pem"
+    acme_version: 2
+    acme_directory: https://{{ acme_host }}:14000/dir
+    validate_certs: no
+  register: account_not_created
+
+- name: Create it now
+  acme_account:
+    select_crypto_backend: "{{ select_crypto_backend }}"
+    account_key_src: "{{ output_dir }}/accountkey.pem"
+    acme_version: 2
+    acme_directory: https://{{ acme_host }}:14000/dir
+    validate_certs: no
+    state: present
+    allow_creation: yes
+    terms_agreed: yes
+    contact:
+    - mailto:example@example.org
+
+- name: Check that account exists
+  acme_account_facts:
+    select_crypto_backend: "{{ select_crypto_backend }}"
+    account_key_src: "{{ output_dir }}/accountkey.pem"
+    acme_version: 2
+    acme_directory: https://{{ acme_host }}:14000/dir
+    validate_certs: no
+  register: account_created
+
+- name: Clear email address
+  acme_account:
+    select_crypto_backend: "{{ select_crypto_backend }}"
+    account_key_content: "{{ lookup('file', output_dir ~ '/accountkey.pem') }}"
+    acme_version: 2
+    acme_directory: https://{{ acme_host }}:14000/dir
+    validate_certs: no
+    state: present
+    allow_creation: no
+    contact: []
+
+- name: Check that account was modified
+  acme_account_facts:
+    select_crypto_backend: "{{ select_crypto_backend }}"
+    account_key_src: "{{ output_dir }}/accountkey.pem"
+    acme_version: 2
+    acme_directory: https://{{ acme_host }}:14000/dir
+    validate_certs: no
+    account_uri: "{{ account_created.account_uri }}"
+  register: account_modified
+
+- name: Check with wrong account URI
+  acme_account_facts:
+    select_crypto_backend: "{{ select_crypto_backend }}"
+    account_key_src: "{{ output_dir }}/accountkey.pem"
+    acme_version: 2
+    acme_directory: https://{{ acme_host }}:14000/dir
+    validate_certs: no
+    account_uri: "{{ account_created.account_uri }}test1234doesnotexists"
+  register: account_not_exist
+
+- name: Check with wrong account key
+  acme_account_facts:
+    select_crypto_backend: "{{ select_crypto_backend }}"
+    account_key_src: "{{ output_dir }}/accountkey2.pem"
+    acme_version: 2
+    acme_directory: https://{{ acme_host }}:14000/dir
+    validate_certs: no
+    account_uri: "{{ account_created.account_uri }}"
+  ignore_errors: yes
+  register: account_wrong_key

test/integration/targets/acme_account_facts/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- block:
+  - name: Running tests with OpenSSL backend
+    include_tasks: impl.yml
+    vars:
+      select_crypto_backend: openssl
+
+  - import_tasks: ../tests/validate.yml
+
+  # Old 0.9.8 versions have insufficient CLI support for signing with EC keys
+  when: openssl_version.stdout is version('1.0.0', '>=')
+
+- name: Remove output directory
+  file:
+    path: "{{ output_dir }}"
+    state: absent
+
+- name: Re-create output directory
+  file:
+    path: "{{ output_dir }}"
+    state: directory
+
+- block:
+  - name: Running tests with cryptography backend
+    include_tasks: impl.yml
+    vars:
+      select_crypto_backend: cryptography
+
+  - import_tasks: ../tests/validate.yml
+
+  when: cryptography_version.stdout is version('1.5', '>=')

test/integration/targets/acme_account_facts/tests/validate.yml

@@ -0,0 +1,38 @@
+---
+- name: Validate that account wasn't there
+  assert:
+    that:
+      - not account_not_created.exists
+      - account_not_created.account_uri is none
+      - "'account' not in account_not_created"
+
+- name: Validate that account was created
+  assert:
+    that:
+      - account_created.exists
+      - account_created.account_uri is not none
+      - "'account' in account_created"
+      - "'contact' in account_created.account"
+      - account_created.account.contact | length == 1
+      - "account_created.account.contact[0] == 'mailto:example@example.org'"
+
+- name: Validate that account email was removed
+  assert:
+    that:
+      - account_modified.exists
+      - account_modified.account_uri is not none
+      - "'account' in account_modified"
+      - "'contact' in account_modified.account"
+      - account_modified.account.contact | length == 0
+
+- name: Validate that account does not exist with wrong account URI
+  assert:
+    that:
+      - not account_not_exist.exists
+      - account_not_exist.account_uri is none
+      - "'account' not in account_not_exist"
+
+- name: Validate that account cannot be accessed with wrong key
+  assert:
+    that:
+      - account_wrong_key is failed