ACME: add diff to acme_account, account_public_key to acme_account_facts, and general refactoring (#49410)
* Only one exit point.
* Refactoring account handling.
* Add diff support for acme_account.
* Insert public_account_key into acme_account_facts result and into acme_account diff.
* Add changelog.
parent
62dd1fe29e
commit
b0c7efcc6b
9 changed files with 305 additions and 104 deletions
|
@ -16,6 +16,22 @@
|
|||
ignore_errors: yes
|
||||
register: account_not_created
|
||||
|
||||
- name: Create it now (check mode, diff)
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ output_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
validate_certs: no
|
||||
state: present
|
||||
allow_creation: yes
|
||||
terms_agreed: yes
|
||||
contact:
|
||||
- mailto:example@example.org
|
||||
check_mode: yes
|
||||
diff: yes
|
||||
register: account_created_check
|
||||
|
||||
- name: Create it now
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
|
@ -30,6 +46,35 @@
|
|||
- mailto:example@example.org
|
||||
register: account_created
|
||||
|
||||
- name: Create it now (idempotent)
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ output_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
validate_certs: no
|
||||
state: present
|
||||
allow_creation: yes
|
||||
terms_agreed: yes
|
||||
contact:
|
||||
- mailto:example@example.org
|
||||
register: account_created_idempotent
|
||||
|
||||
- name: Change email address (check mode, diff)
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_content: "{{ lookup('file', output_dir ~ '/accountkey.pem') }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
validate_certs: no
|
||||
state: present
|
||||
# allow_creation: no
|
||||
contact:
|
||||
- mailto:example@example.com
|
||||
check_mode: yes
|
||||
diff: yes
|
||||
register: account_modified_check
|
||||
|
||||
- name: Change email address
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
|
@ -70,6 +115,20 @@
|
|||
ignore_errors: yes
|
||||
register: account_modified_wrong_uri
|
||||
|
||||
- name: Clear contact email addresses (check mode, diff)
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ output_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
validate_certs: no
|
||||
state: present
|
||||
# allow_creation: no
|
||||
contact: []
|
||||
check_mode: yes
|
||||
diff: yes
|
||||
register: account_modified_2_check
|
||||
|
||||
- name: Clear contact email addresses
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
|
@ -100,6 +159,21 @@
|
|||
- name: Parse account key (to ease debugging some test failures)
|
||||
command: openssl ec -in {{ output_dir }}/accountkey2.pem -noout -text
|
||||
|
||||
- name: Change account key (check mode, diff)
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ output_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
validate_certs: no
|
||||
new_account_key_src: "{{ output_dir }}/accountkey2.pem"
|
||||
state: changed_key
|
||||
contact:
|
||||
- mailto:example@example.com
|
||||
check_mode: yes
|
||||
diff: yes
|
||||
register: account_change_key_check
|
||||
|
||||
- name: Change account key
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
|
@ -113,6 +187,18 @@
|
|||
- mailto:example@example.com
|
||||
register: account_change_key
|
||||
|
||||
- name: Deactivate account (check mode, diff)
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ output_dir }}/accountkey2.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
validate_certs: no
|
||||
state: absent
|
||||
check_mode: yes
|
||||
diff: yes
|
||||
register: account_deactivate_check
|
||||
|
||||
- name: Deactivate account
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
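Review bot: The added check-mode tasks each repeat `validate_certs: no` with no explanation, so a comment on the first of them, for example `# TLS verification is disabled only because the test ACME server presents a throwaway certificate`, would keep the setting from being copied into real playbooks. The "Change email address (check mode, diff)" task also passes the private account key inline through `account_key_content` while `diff: yes` is set. The module code is not visible on this page, so it is worth confirming that this option is declared `no_log` and that the diff is built from the public key only. Several of the surrounding tasks start or end outside the hunks shown, so only the added tasks could be reviewed in full.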
|
|
|
@ -3,6 +3,18 @@
|
|||
assert:
|
||||
that:
|
||||
- account_not_created is failed
|
||||
- account_not_created.msg == 'Account does not exist or is deactivated.'
|
||||
|
||||
- name: Validate that account was created in the second step (check mode)
|
||||
assert:
|
||||
that:
|
||||
- account_created_check is changed
|
||||
- account_created_check.account_uri is none
|
||||
- "'diff' in account_created_check"
|
||||
- "account_created_check.diff.before == {}"
|
||||
- "'after' in account_created_check.diff"
|
||||
- account_created_check.diff.after.contact | length == 1
|
||||
- account_created_check.diff.after.contact[0] == 'mailto:example@example.org'
|
||||
|
||||
- name: Validate that account was created in the second step
|
||||
assert:
|
||||
|
@ -10,6 +22,23 @@
|
|||
- account_created is changed
|
||||
- account_created.account_uri is not none
|
||||
|
||||
- name: Validate that account was created in the second step (idempotency)
|
||||
assert:
|
||||
that:
|
||||
- account_created_idempotent is not changed
|
||||
- account_created_idempotent.account_uri is not none
|
||||
|
||||
- name: Validate that email address was changed (check mode)
|
||||
assert:
|
||||
that:
|
||||
- account_modified_check is changed
|
||||
- account_modified_check.account_uri is not none
|
||||
- "'diff' in account_modified_check"
|
||||
- account_modified_check.diff.before.contact | length == 1
|
||||
- account_modified_check.diff.before.contact[0] == 'mailto:example@example.org'
|
||||
- account_modified_check.diff.after.contact | length == 1
|
||||
- account_modified_check.diff.after.contact[0] == 'mailto:example@example.com'
|
||||
|
||||
- name: Validate that email address was changed
|
||||
assert:
|
||||
that:
|
||||
|
@ -27,6 +56,16 @@
|
|||
that:
|
||||
- account_modified_wrong_uri is failed
|
||||
|
||||
- name: Validate that email address was cleared (check mode)
|
||||
assert:
|
||||
that:
|
||||
- account_modified_2_check is changed
|
||||
- account_modified_2_check.account_uri is not none
|
||||
- "'diff' in account_modified_2_check"
|
||||
- account_modified_2_check.diff.before.contact | length == 1
|
||||
- account_modified_2_check.diff.before.contact[0] == 'mailto:example@example.com'
|
||||
- account_modified_2_check.diff.after.contact | length == 0
|
||||
|
||||
- name: Validate that email address was cleared
|
||||
assert:
|
||||
that:
|
||||
|
@ -39,12 +78,29 @@
|
|||
- account_modified_2_idempotent is not changed
|
||||
- account_modified_2_idempotent.account_uri is not none
|
||||
|
||||
- name: Validate that the account key was changed (check mode)
|
||||
assert:
|
||||
that:
|
||||
- account_change_key_check is changed
|
||||
- account_change_key_check.account_uri is not none
|
||||
- "'diff' in account_change_key_check"
|
||||
- account_change_key_check.diff.before.public_account_key != account_change_key_check.diff.after.public_account_key
|
||||
|
||||
- name: Validate that the account key was changed
|
||||
assert:
|
||||
that:
|
||||
- account_change_key is changed
|
||||
- account_change_key.account_uri is not none
|
||||
|
||||
- name: Validate that the account was deactivated (check mode)
|
||||
assert:
|
||||
that:
|
||||
- account_deactivate_check is changed
|
||||
- account_deactivate_check.account_uri is not none
|
||||
- "'diff' in account_deactivate_check"
|
||||
- "account_deactivate_check.diff.before != {}"
|
||||
- "account_deactivate_check.diff.after == {}"
|
||||
|
||||
- name: Validate that the account was deactivated
|
||||
assert:
|
||||
that:
|
||||
|
@ -61,8 +117,10 @@
|
|||
assert:
|
||||
that:
|
||||
- account_not_created_2 is failed
|
||||
- account_not_created_2.msg == 'Account does not exist or is deactivated.'
|
||||
|
||||
- name: Validate that the account is gone (old account key)
|
||||
assert:
|
||||
that:
|
||||
- account_not_created_3 is failed
|
||||
- account_not_created_3.msg == 'Account does not exist or is deactivated.'
|
||||
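Review bot: None of the added check-mode assertions verifies that the new diff output is free of private key material, which is the main risk of putting key data into a diff. In "Validate that the account key was changed (check mode)" the inequality on `public_account_key` should be preceded by presence checks, `- "'public_account_key' in account_change_key_check.diff.before"` and the same for `diff.after`, so that the comparison cannot be satisfied by a missing field. Assuming the value is a JWK mapping, which this page does not show, `- "'d' not in account_change_key_check.diff.after.public_account_key"` would pin that only the public part is reported. The creation check could also assert `'public_account_key' in account_created_check.diff.after`, since the commit message says the key is inserted into the diff.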
|
|
|
@ -13,6 +13,7 @@
|
|||
- account_created.account_uri is not none
|
||||
- "'account' in account_created"
|
||||
- "'contact' in account_created.account"
|
||||
- "'public_account_key' in account_created.account"
|
||||
- account_created.account.contact | length == 1
|
||||
- "account_created.account.contact[0] == 'mailto:example@example.org'"
|
||||
|
||||
|
@ -23,6 +24,7 @@
|
|||
- account_modified.account_uri is not none
|
||||
- "'account' in account_modified"
|
||||
- "'contact' in account_modified.account"
|
||||
- "'public_account_key' in account_modified.account"
|
||||
- account_modified.account.contact | length == 0
|
||||
|
||||
- name: Validate that account does not exist with wrong account URI
|
||||
|
|