Avoid access to invocation. (#999)
@@ -131,6 +131,19 @@
|
||||
register: authz
|
||||
- ansible.builtin.debug: var=authz
|
||||
|
||||
- name: Get HTTP-01 challenge URLs
|
||||
ansible.builtin.set_fact:
|
||||
http01challenge_urls: >-
|
||||
{{
|
||||
authz.results
|
||||
| map(attribute='output_json')
|
||||
| map(attribute='challenges')
|
||||
| map('selectattr', 'type', 'equalto', 'http-01')
|
||||
| map('first')
|
||||
| map(attribute='url')
|
||||
| list
|
||||
}}
|
||||
|
||||
- name: Get HTTP-01 challenge for authz
|
||||
community.crypto.acme_inspect:
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
@@ -138,13 +151,23 @@
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
account_uri: "{{ account_creation.headers.location }}"
|
||||
url: "{{ (item.challenges | selectattr('type', 'equalto', 'http-01') | list)[0].url }}"
|
||||
url: "{{ item }}"
|
||||
method: get
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
register: http01challenge
|
||||
loop: "{{ authz.results | map(attribute='output_json') | list }}"
|
||||
loop: "{{ http01challenge_urls }}"
|
||||
- ansible.builtin.debug: var=http01challenge
|
||||
|
||||
- name: Get HTTP-01 activation URLs
|
||||
ansible.builtin.set_fact:
|
||||
activation_urls: >-
|
||||
{{
|
||||
http01challenge.results
|
||||
| map(attribute='output_json')
|
||||
| map(attribute='url')
|
||||
| list
|
||||
}}
|
||||
|
||||
- name: Activate HTTP-01 challenge manually
|
||||
community.crypto.acme_inspect:
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
@@ -152,12 +175,12 @@
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
account_uri: "{{ account_creation.headers.location }}"
|
||||
url: "{{ item.url }}"
|
||||
url: "{{ item }}"
|
||||
method: post
|
||||
content: '{}'
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
register: activation
|
||||
loop: "{{ http01challenge.results | map(attribute='output_json') | list }}"
|
||||
loop: "{{ activation_urls }}"
|
||||
- ansible.builtin.debug: var=activation
|
||||
|
||||
- name: Get HTTP-01 challenge results
|
||||
@@ -167,11 +190,11 @@
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
account_uri: "{{ account_creation.headers.location }}"
|
||||
url: "{{ item.url }}"
|
||||
url: "{{ item }}"
|
||||
method: get
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
register: validation_result
|
||||
loop: "{{ http01challenge.results | map(attribute='output_json') | list }}"
|
||||
loop: "{{ http01challenge_urls }}"
|
||||
until: "validation_result.output_json.status not in ['pending', 'processing']"
|
||||
retries: 20
|
||||
delay: 1
|
||||
|
||||
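Review bot: The two new `set_fact` tasks (`Get HTTP-01 challenge URLs` and `Get HTTP-01 activation URLs`) have no comment saying why the URLs are collected up front, so a later reader could fold them back into the loops. Going by the commit title, the reason is that results should be compared against the URL that was requested instead of `item.invocation`. A line such as `# Collected here so later checks can compare against the requested URL without reading item.invocation` above each task would record that. In the first task, `map('first')` assumes every authorization offers an `http-01` challenge, which holds only if the test server always issues one (not visible here). The task bodies in the hunks at 138, 152 and 167 begin outside the hunks.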
@@ -92,44 +92,44 @@
|
||||
- name: Check get challenge output
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- item is not changed
|
||||
- "'directory' in item"
|
||||
- "'headers' in item"
|
||||
- "'output_text' in item"
|
||||
- "'output_json' in item"
|
||||
- item.output_json.status == 'pending'
|
||||
- item.output_json.type == 'http-01'
|
||||
- item.output_json.url == item.invocation.module_args.url
|
||||
- "'token' in item.output_json"
|
||||
loop: "{{ http01challenge.results }}"
|
||||
- item.0 is not changed
|
||||
- "'directory' in item.0"
|
||||
- "'headers' in item.0"
|
||||
- "'output_text' in item.0"
|
||||
- "'output_json' in item.0"
|
||||
- item.0.output_json.status == 'pending'
|
||||
- item.0.output_json.type == 'http-01'
|
||||
- item.0.output_json.url == item.1
|
||||
- "'token' in item.0.output_json"
|
||||
loop: "{{ http01challenge.results | zip(http01challenge_urls) }}"
|
||||
|
||||
- name: Check challenge activation output
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- item is changed
|
||||
- "'directory' in item"
|
||||
- "'headers' in item"
|
||||
- "'output_text' in item"
|
||||
- "'output_json' in item"
|
||||
- item.output_json.status in ['pending', 'processing']
|
||||
- item.output_json.type == 'http-01'
|
||||
- item.output_json.url == item.invocation.module_args.url
|
||||
- "'token' in item.output_json"
|
||||
loop: "{{ activation.results }}"
|
||||
- item.0 is changed
|
||||
- "'directory' in item.0"
|
||||
- "'headers' in item.0"
|
||||
- "'output_text' in item.0"
|
||||
- "'output_json' in item.0"
|
||||
- item.0.output_json.status in ['pending', 'processing']
|
||||
- item.0.output_json.type == 'http-01'
|
||||
- item.0.output_json.url == item.1
|
||||
- "'token' in item.0.output_json"
|
||||
loop: "{{ activation.results | zip(activation_urls) }}"
|
||||
|
||||
- name: Check validation result
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- item is not changed
|
||||
- "'directory' in item"
|
||||
- "'headers' in item"
|
||||
- "'output_text' in item"
|
||||
- "'output_json' in item"
|
||||
- item.output_json.status == 'invalid'
|
||||
- item.output_json.type == 'http-01'
|
||||
- item.output_json.url == item.invocation.module_args.url
|
||||
- "'token' in item.output_json"
|
||||
- "'validated' in item.output_json"
|
||||
- "'error' in item.output_json"
|
||||
- item.output_json.error.type == 'urn:ietf:params:acme:error:unauthorized'
|
||||
loop: "{{ validation_result.results }}"
|
||||
- item.0 is not changed
|
||||
- "'directory' in item.0"
|
||||
- "'headers' in item.0"
|
||||
- "'output_text' in item.0"
|
||||
- "'output_json' in item.0"
|
||||
- item.0.output_json.status == 'invalid'
|
||||
- item.0.output_json.type == 'http-01'
|
||||
- item.0.output_json.url == item.1
|
||||
- "'token' in item.0.output_json"
|
||||
- "'validated' in item.0.output_json"
|
||||
- "'error' in item.0.output_json"
|
||||
- item.0.output_json.error.type == 'urn:ietf:params:acme:error:unauthorized'
|
||||
loop: "{{ validation_result.results | zip(http01challenge_urls) }}"
|
||||
|
||||
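Review bot: The three zipped loops (`http01challenge.results | zip(http01challenge_urls)`, `activation.results | zip(activation_urls)` and `validation_result.results | zip(http01challenge_urls)`) stop at the shorter list and run zero iterations when a list is empty. The `item.0.output_json.url == item.1` checks can therefore pass without comparing anything. Whether `authz.results` can be empty or the lists can differ in length is not visible from this section, but a cheap guard before each loop would rule it out, for example `- http01challenge_urls | length > 0` and `- http01challenge.results | length == http01challenge_urls | length` in a preceding assert. As a style point, the other expressions added in this commit end in `| list`; appending it after `zip(...)` would keep the loops consistent with them.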