Avoid access to invocation. (#999)

2026-05-08 14:22:56 +00:00 · 2026-04-05 12:11:29 +02:00
parent d966acbef4
commit 4cd397382e
2 changed files with 62 additions and 39 deletions
--- a/tests/integration/targets/acme_inspect/tasks/impl.yml
+++ b/tests/integration/targets/acme_inspect/tasks/impl.yml
@@ -131,6 +131,19 @@
  register: authz
 - ansible.builtin.debug: var=authz
 - name: Get HTTP-01 challenge URLs
  ansible.builtin.set_fact:
    http01challenge_urls: >-
      {{
        authz.results
        | map(attribute='output_json')
        | map(attribute='challenges')
        | map('selectattr', 'type', 'equalto', 'http-01')
        | map('first')
        | map(attribute='url')
        | list
      }}
 - name: Get HTTP-01 challenge for authz
  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
@@ -138,13 +151,23 @@
    validate_certs: false
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    account_uri: "{{ account_creation.headers.location }}"
-    url: "{{ (item.challenges | selectattr('type', 'equalto', 'http-01') | list)[0].url }}"
+    url: "{{ item }}"
    method: get
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: http01challenge
-  loop: "{{ authz.results | map(attribute='output_json') | list }}"
+  loop: "{{ http01challenge_urls }}"
 - ansible.builtin.debug: var=http01challenge
 - name: Get HTTP-01 activation URLs
  ansible.builtin.set_fact:
    activation_urls: >-
      {{
        http01challenge.results
        | map(attribute='output_json')
        | map(attribute='url')
        | list
      }}
 - name: Activate HTTP-01 challenge manually
  community.crypto.acme_inspect:
    acme_directory: "{{ acme_directory_url }}"
@@ -152,12 +175,12 @@
    validate_certs: false
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    account_uri: "{{ account_creation.headers.location }}"
-    url: "{{ item.url }}"
+    url: "{{ item }}"
    method: post
    content: '{}'
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: activation
-  loop: "{{ http01challenge.results | map(attribute='output_json') | list }}"
+  loop: "{{ activation_urls }}"
 - ansible.builtin.debug: var=activation
 - name: Get HTTP-01 challenge results
@@ -167,11 +190,11 @@
    validate_certs: false
    account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
    account_uri: "{{ account_creation.headers.location }}"
-    url: "{{ item.url }}"
+    url: "{{ item }}"
    method: get
    select_crypto_backend: "{{ select_crypto_backend }}"
  register: validation_result
-  loop: "{{ http01challenge.results | map(attribute='output_json') | list }}"
+  loop: "{{ http01challenge_urls }}"
  until: "validation_result.output_json.status not in ['pending', 'processing']"
  retries: 20
  delay: 1
--- a/tests/integration/targets/acme_inspect/tests/validate.yml
+++ b/tests/integration/targets/acme_inspect/tests/validate.yml
@@ -92,44 +92,44 @@
 - name: Check get challenge output
  ansible.builtin.assert:
    that:
-      - item is not changed
+      - item.0 is not changed
-      - "'directory' in item"
+      - "'directory' in item.0"
-      - "'headers' in item"
+      - "'headers' in item.0"
-      - "'output_text' in item"
+      - "'output_text' in item.0"
-      - "'output_json' in item"
+      - "'output_json' in item.0"
-      - item.output_json.status == 'pending'
+      - item.0.output_json.status == 'pending'
-      - item.output_json.type == 'http-01'
+      - item.0.output_json.type == 'http-01'
-      - item.output_json.url == item.invocation.module_args.url
+      - item.0.output_json.url == item.1
-      - "'token' in item.output_json"
+      - "'token' in item.0.output_json"
-  loop: "{{ http01challenge.results }}"
+  loop: "{{ http01challenge.results | zip(http01challenge_urls) }}"
 - name: Check challenge activation output
  ansible.builtin.assert:
    that:
-      - item is changed
+      - item.0 is changed
-      - "'directory' in item"
+      - "'directory' in item.0"
-      - "'headers' in item"
+      - "'headers' in item.0"
-      - "'output_text' in item"
+      - "'output_text' in item.0"
-      - "'output_json' in item"
+      - "'output_json' in item.0"
-      - item.output_json.status in ['pending', 'processing']
+      - item.0.output_json.status in ['pending', 'processing']
-      - item.output_json.type == 'http-01'
+      - item.0.output_json.type == 'http-01'
-      - item.output_json.url == item.invocation.module_args.url
+      - item.0.output_json.url == item.1
-      - "'token' in item.output_json"
+      - "'token' in item.0.output_json"
-  loop: "{{ activation.results }}"
+  loop: "{{ activation.results | zip(activation_urls) }}"
 - name: Check validation result
  ansible.builtin.assert:
    that:
-      - item is not changed
+      - item.0 is not changed
-      - "'directory' in item"
+      - "'directory' in item.0"
-      - "'headers' in item"
+      - "'headers' in item.0"
-      - "'output_text' in item"
+      - "'output_text' in item.0"
-      - "'output_json' in item"
+      - "'output_json' in item.0"
-      - item.output_json.status == 'invalid'
+      - item.0.output_json.status == 'invalid'
-      - item.output_json.type == 'http-01'
+      - item.0.output_json.type == 'http-01'
-      - item.output_json.url == item.invocation.module_args.url
+      - item.0.output_json.url == item.1
-      - "'token' in item.output_json"
+      - "'token' in item.0.output_json"
-      - "'validated' in item.output_json"
+      - "'validated' in item.0.output_json"
-      - "'error' in item.output_json"
+      - "'error' in item.0.output_json"
-      - item.output_json.error.type == 'urn:ietf:params:acme:error:unauthorized'
+      - item.0.output_json.error.type == 'urn:ietf:params:acme:error:unauthorized'
-  loop: "{{ validation_result.results }}"
+  loop: "{{ validation_result.results | zip(http01challenge_urls) }}"