Allowing to force account URI. (#44282)

test/integration/targets/acme_account/tasks/impl.yml

@@ -47,6 +47,7 @@
   acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"
     account_key_src: "{{ output_dir }}/accountkey.pem"
+    account_uri: "{{ account_created.account_uri }}"
     acme_version: 2
     acme_directory: https://{{ acme_host }}:14000/dir
     validate_certs: no
@@ -56,6 +57,19 @@
     - mailto:example@example.com
   register: account_modified_idempotent
 
+- name: Cannot access account with wrong URI
+  acme_account:
+    select_crypto_backend: "{{ select_crypto_backend }}"
+    account_key_src: "{{ output_dir }}/accountkey.pem"
+    account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}"
+    acme_version: 2
+    acme_directory: https://{{ acme_host }}:14000/dir
+    validate_certs: no
+    state: present
+    contact: []
+  ignore_errors: yes
+  register: account_modified_wrong_uri
+
 - name: Clear contact email addresses
   acme_account:
     select_crypto_backend: "{{ select_crypto_backend }}"

test/integration/targets/acme_account/tests/validate.yml

@@ -22,6 +22,11 @@
       - account_modified_idempotent is not changed
       - account_modified_idempotent.account_uri is not none
 
+- name: Make sure that with the wrong account URI, the account cannot be changed
+  assert:
+    that:
+      - account_modified_wrong_uri is failed
+
 - name: Validate that email address was cleared
   assert:
     that:

test/integration/targets/setup_acme/tasks/obtain-cert.yml

@@ -103,6 +103,7 @@
     acme_directory: https://{{ acme_host }}:14000/dir
     validate_certs: no
     account_key: "{{ output_dir }}/{{ account_key }}.pem"
+    account_uri: "{{ challenge_data.account_uri }}"
     modify_account: "{{ modify_account }}"
     csr: "{{ output_dir }}/{{ certificate_name }}.csr"
     dest: "{{ output_dir }}/{{ certificate_name }}.pem"
@@ -123,6 +124,7 @@
     acme_directory: https://{{ acme_host }}:14000/dir
     validate_certs: no
     account_key_content: "{{ account_key_content }}"
+    account_uri: "{{ challenge_data.account_uri }}"
     modify_account: "{{ modify_account }}"
     csr: "{{ output_dir }}/{{ certificate_name }}.csr"
     dest: "{{ output_dir }}/{{ certificate_name }}.pem"