Letsencrypt: add account management module (#37275)

* Removed superfluous space.

* Separating account init code from ACMEAccount constructor.

* Extracted module utils and docs fragment.

* Added new letsencrypt_account module.

* Ignore pre-1.0.0 versions of OpenSSL.

* Added account key rollover.

* Renaming letsencrypt_account -> acme_account

* Simplifying check for updating contact information.

* Rewriting docstring for ACMEDirectory.

* Changing license according to permissions given by individual authors in https://github.com/ansible/ansible/pull/37275.

* Updating BOTMETA.

* Preparing for change of ACME protocol currently discussed in ietf-wg-acme/acme.

* Updating documentation.
Felix Fontein 2018-05-25 07:55:24 +02:00 committed by ansibot
commit dec392793b
9 changed files with 1042 additions and 523 deletions


@ -0,0 +1,2 @@
posix/ci/group1
destructive


@ -0,0 +1,2 @@
dependencies:
- setup_openssl


@ -0,0 +1,109 @@
---
- block:
- debug: var=openssl_version.stdout
- name: Generate account key
command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/accountkey.pem
- name: Parse account key (to ease debugging some test failures)
command: openssl ec -in {{ output_dir }}/accountkey.pem -noout -text
- name: Do not try to create account
acme_account:
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
state: present
allow_creation: no
ignore_errors: yes
register: account_not_created
- name: Create it now
acme_account:
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
state: present
allow_creation: yes
terms_agreed: yes
contact:
- mailto:example@example.org
register: account_created
- name: Change email address
acme_account:
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
state: present
# allow_creation: no
contact:
- mailto:example@example.com
register: account_modified
- name: Change email address (idempotent)
acme_account:
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
state: present
# allow_creation: no
contact:
- mailto:example@example.com
register: account_modified_idempotent
- name: Generate new account key
command: openssl ecparam -name secp384r1 -genkey -out {{ output_dir }}/accountkey2.pem
- name: Parse account key (to ease debugging some test failures)
command: openssl ec -in {{ output_dir }}/accountkey2.pem -noout -text
- name: Change account key
acme_account:
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
new_account_key_src: "{{ output_dir }}/accountkey2.pem"
state: changed_key
contact:
- mailto:example@example.com
register: account_change_key
- name: Deactivate account
acme_account:
account_key_src: "{{ output_dir }}/accountkey2.pem"
acme_version: 2
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
state: absent
register: account_deactivate
- name: Deactivate account (idempotent)
acme_account:
account_key_src: "{{ output_dir }}/accountkey2.pem"
acme_version: 2
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
state: absent
register: account_deactivate_idempotent
- name: Do not try to create account II
acme_account:
account_key_src: "{{ output_dir }}/accountkey2.pem"
acme_version: 2
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
state: present
allow_creation: no
ignore_errors: yes
register: account_not_created_2
- name: Do not try to create account III
acme_account:
account_key_src: "{{ output_dir }}/accountkey.pem"
acme_version: 2
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
state: present
allow_creation: no
ignore_errors: yes
register: account_not_created_3
# Old 0.9.8 versions have insufficient CLI support for signing with EC keys
when: openssl_version.stdout is version('1.0.0', '>=')
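Review bot: The two "Change email address" tasks carry `# allow_creation: no` commented out under `state: present`, so if the staging account lookup ever fails for the existing key the module can register a fresh account and the test still passes; the "Create it now" step setting `allow_creation: yes` explicitly suggests the default permits creation, which would make this a silent masking of failures. Either restore the option on both tasks as `allow_creation: false` or replace the commented line with a comment stating why creation must remain allowed there. The boolean options throughout (`allow_creation`, `terms_agreed`, `ignore_errors`) are written `yes`/`no`; Ansible accepts them, but `true`/`false` is the unambiguous spelling and sidesteps the YAML 1.1/1.2 truthy difference. The two "Parse account key" steps run `openssl ec ... -noout -text`, which prints the private scalar into the CI log; these are throwaway staging keys so the exposure is small, but dumping only the public half or the curve name would give the same debugging value without private material in build output.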


@ -0,0 +1,51 @@
---
- name: Validate that account wasn't created in the first step
assert:
that:
- account_not_created is failed
- name: Validate that account was created in the second step
assert:
that:
- account_created is changed
- account_created.account_uri is not none
- name: Validate that email address was changed
assert:
that:
- account_modified is changed
- account_modified.account_uri is not none
- name: Validate that email address was not changed a second time (idempotency)
assert:
that:
- account_modified_idempotent is not changed
- account_modified_idempotent.account_uri is not none
- name: Validate that the account key was changed
assert:
that:
- account_change_key is changed
- account_change_key.account_uri is not none
- name: Validate that the account was deactivated
assert:
that:
- account_deactivate is changed
- account_deactivate.account_uri is not none
- name: Validate that the account was really deactivated (idempotency)
assert:
that:
- account_deactivate_idempotent is not changed
- account_deactivate_idempotent.account_uri is not none
- name: Validate that the account is gone (new account key)
assert:
that:
- account_not_created_2 is failed
- name: Validate that the account is gone (old account key)
assert:
that:
- account_not_created_3 is failed
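Review bot: The three negative checks (`account_not_created is failed`, `account_not_created_2 is failed`, `account_not_created_3 is failed`) accept any failure, so a staging outage, a TLS or network error, or a crash inside the module satisfies them just as well as the intended "account does not exist" outcome. Because the impl tasks register these results under `ignore_errors`, the assertion can also pin the reason, e.g. `- "'<expected failure text>' in account_not_created.msg"` with the module's real message substituted; that text is not visible in this commit, so the exact substring has to come from the module. The deactivation checks have the same shape, where `account_deactivate is changed` alone does not show the server-side state, though the later "Do not try to create account II" task covers that indirectly.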