Improve ACME tests; add acme_ari_info tests; use ARI and profiles features in acme_certificate tests (#841)
* Fix description. * Add basic acme_ari_info test. * Refactoring. * Extend acme_certificate tests.
@@ -24,6 +24,12 @@ extends_documentation_fragment:
|
||||
- community.crypto.attributes
|
||||
- community.crypto.attributes.info_module
|
||||
- community.crypto.attributes.idempotent_not_modify_state
|
||||
attributes:
|
||||
idempotent:
|
||||
support: partial
|
||||
details:
|
||||
- The module is not idempotent if O(now) is a relative timestamp, or is not specified.
|
||||
- If O(use_ari=true), the module is not idempotent if O(ari_algorithm=standard).
|
||||
options:
|
||||
certificate_path:
|
||||
description:
|
||||
|
||||
@@ -34,7 +34,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: false
|
||||
@@ -46,7 +46,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: true
|
||||
@@ -62,7 +62,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: true
|
||||
@@ -76,7 +76,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: true
|
||||
@@ -95,7 +95,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_content: "{{ slurp.content | b64decode }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
# allow_creation: false
|
||||
@@ -110,7 +110,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_content: "{{ slurp.content | b64decode }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
# allow_creation: false
|
||||
@@ -124,7 +124,7 @@
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
account_uri: "{{ account_created.account_uri }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
# allow_creation: false
|
||||
@@ -138,7 +138,7 @@
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
contact: []
|
||||
@@ -150,7 +150,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
# allow_creation: false
|
||||
@@ -164,7 +164,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
# allow_creation: false
|
||||
@@ -176,7 +176,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
# allow_creation: false
|
||||
@@ -188,7 +188,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
@@ -204,7 +204,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
new_account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
new_account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
@@ -219,7 +219,7 @@
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: absent
|
||||
check_mode: true
|
||||
@@ -232,7 +232,7 @@
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: absent
|
||||
register: account_deactivate
|
||||
@@ -243,7 +243,7 @@
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: absent
|
||||
register: account_deactivate_idempotent
|
||||
@@ -254,7 +254,7 @@
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
account_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: false
|
||||
@@ -266,7 +266,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: false
|
||||
@@ -278,7 +278,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/{{ item.account }}.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: true
|
||||
|
||||
@@ -28,7 +28,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: account_not_created
|
||||
|
||||
@@ -37,7 +37,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: true
|
||||
@@ -50,7 +50,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: account_created
|
||||
|
||||
@@ -64,7 +64,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_content: "{{ slurp.content | b64decode }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
state: present
|
||||
allow_creation: false
|
||||
@@ -75,7 +75,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_uri: "{{ account_created.account_uri }}"
|
||||
register: account_modified
|
||||
@@ -85,7 +85,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_uri: "{{ account_created.account_uri }}test1234doesnotexists"
|
||||
register: account_not_exist
|
||||
@@ -95,7 +95,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey2.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_uri: "{{ account_created.account_uri }}"
|
||||
ignore_errors: true
|
||||
|
||||
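--- a/tests/integration/targets/acme_ari_info/aliases
+++ b/tests/integration/targets/acme_ari_info/aliases
@@ -0,0 +1,10 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+azp/generic/1
+azp/posix/1
+cloud/acme
+
+# For some reason connecting to helper containers does not work on the Alpine VMs
+skip/alpine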
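--- a/tests/integration/targets/acme_ari_info/meta/main.yml
+++ b/tests/integration/targets/acme_ari_info/meta/main.yml
@@ -0,0 +1,8 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+dependencies:
+- setup_acme
+- setup_remote_tmp_dir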
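--- a/tests/integration/targets/acme_ari_info/tasks/impl.yml
+++ b/tests/integration/targets/acme_ari_info/tasks/impl.yml
@@ -0,0 +1,59 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+## SET UP ACCOUNT KEYS ########################################################################
+- block:
+- name: Generate account keys
+openssl_privatekey:
+path: "{{ remote_tmp_dir }}/{{ item.name }}.pem"
+type: "{{ item.type }}"
+size: "{{ item.size | default(omit) }}"
+curve: "{{ item.curve | default(omit) }}"
+force: true
+loop: "{{ account_keys }}"
+
+vars:
+account_keys:
+- name: account-ec256
+type: ECC
+curve: secp256r1
+## CREATE ACCOUNTS AND OBTAIN CERTIFICATES ####################################################
+- name: Obtain cert 1
+include_tasks: obtain-cert.yml
+vars:
+certgen_title: Certificate 1 for renewal check
+certificate_name: cert-1
+key_type: rsa
+rsa_bits: "{{ default_rsa_key_size }}"
+subject_alt_name: "DNS:example.com"
+subject_alt_name_critical: false
+account_key: account-ec256
+challenge: http-01
+modify_account: true
+deactivate_authzs: false
+force: true
+remaining_days: "{{ omit }}"
+terms_agreed: true
+account_email: "example@example.org"
+## OBTAIN CERTIFICATE INFOS ###################################################################
+- name: Dump OpenSSL x509 info
+command:
+cmd: openssl x509 -in {{ remote_tmp_dir }}/cert-1.pem -noout -text
+- name: Obtain certificate information
+x509_certificate_info:
+path: "{{ remote_tmp_dir }}/cert-1.pem"
+register: cert_1_info
+- name: Read certificate
+slurp:
+src: '{{ remote_tmp_dir }}/cert-1.pem'
+register: slurp_cert_1
+- name: Obtain certificate information
+acme_ari_info:
+select_crypto_backend: "{{ select_crypto_backend }}"
+certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
+acme_version: 2
+acme_directory: "{{ acme_directory_url }}"
+validate_certs: false
+register: cert_1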
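Review bot: The `Dump OpenSSL x509 info` task interpolates `{{ remote_tmp_dir }}` into `cmd:` unquoted, so a temporary directory containing whitespace would be split into several arguments; `argv: [openssl, x509, -in, "{{ remote_tmp_dir }}/cert-1.pem", -noout, -text]` avoids that, and `changed_when: false` would stop this read-only dump from reporting a change. The results registered as `cert_1_info` and `slurp_cert_1` are not referenced by the assertions in tests/validate.yml in this commit, so the two tasks are either dead or waiting for checks that were not added. Two tasks share the name `Obtain certificate information`; renaming the second to something like `Obtain ARI information` would make failures easier to attribute in the log. The new `acme_ari_info` call sets `validate_certs: false`, and unlike tasks/main.yml this file carries no tests-only banner, so a comment such as `# test ACME container uses a throwaway CA; do not copy to real deployments` would explain why.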
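--- a/tests/integration/targets/acme_ari_info/tasks/main.yml
+++ b/tests/integration/targets/acme_ari_info/tasks/main.yml
@@ -0,0 +1,44 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+####################################################################
+# WARNING: These are designed specifically for Ansible tests #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- vars:
+acme_certificate_profile: "{{ 'default' if acme_supports_profiles else omit }}"
+when: acme_supports_ari
+block:
+- block:
+- name: Running tests with OpenSSL backend
+include_tasks: impl.yml
+vars:
+select_crypto_backend: openssl
+
+- import_tasks: ../tests/validate.yml
+
+# Old 0.9.8 versions have insufficient CLI support for signing with EC keys
+when: openssl_version.stdout is version('1.0.0', '>=')
+
+- name: Remove output directory
+file:
+path: "{{ remote_tmp_dir }}"
+state: absent
+
+- name: Re-create output directory
+file:
+path: "{{ remote_tmp_dir }}"
+state: directory
+
+- block:
+- name: Running tests with cryptography backend
+include_tasks: impl.yml
+vars:
+select_crypto_backend: cryptography
+
+- import_tasks: ../tests/validate.yml
+
+when: cryptography_version.stdout is version('1.5', '>=')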
1
tests/integration/targets/acme_ari_info/tasks/obtain-cert.yml
Symbolic link
1
tests/integration/targets/acme_ari_info/tasks/obtain-cert.yml
Symbolic link
@@ -0,0 +1 @@
|
||||
../../setup_acme/tasks/obtain-cert.yml
|
||||
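--- a/tests/integration/targets/acme_ari_info/tests/validate.yml
+++ b/tests/integration/targets/acme_ari_info/tests/validate.yml
@@ -0,0 +1,17 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Validate results
+assert:
+that:
+- cert_1 is not changed
+- cert_1.renewal_info.explanationURL is string or cert_1.renewal_info.explanationURL is not defined
+- cert_1.renewal_info.retryAfter is string or cert_1.renewal_info.retryAfter is not defined
+- cert_1.renewal_info.suggestedWindow.start is string
+- cert_1.renewal_info.suggestedWindow.end is string
+- >-
+(cert_1.renewal_info.suggestedWindow.start | ansible.builtin.to_datetime('%Y-%m-%dT%H:%M:%SZ'))
+<
+(cert_1.renewal_info.suggestedWindow.end | ansible.builtin.to_datetime('%Y-%m-%dT%H:%M:%SZ'))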
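Review bot: The last assertion parses `suggestedWindow.start` and `suggestedWindow.end` with the fixed format `'%Y-%m-%dT%H:%M:%SZ'`, so a timestamp with fractional seconds or a numeric UTC offset would abort the task with a conversion error instead of a readable assertion failure. Whether the test ACME server can emit those forms is not visible in this commit; if it can, normalise the value before parsing or add a separate assertion on its shape first. A comment above the `>-` item, for example `# ARI timestamps are expected as whole-second UTC ("...Z"); adjust the format if the test server changes`, would record the assumption. The assertions only check types and ordering of the window; nothing ties the window to the certificate's validity period, although impl.yml registers `cert_1_info` that could be used for it.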
@@ -30,7 +30,7 @@
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
state: absent
|
||||
@@ -42,7 +42,7 @@
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_key_content: "{{ slurp.content | b64decode }}"
|
||||
state: present
|
||||
@@ -55,7 +55,7 @@
|
||||
acme_account:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-rsa.pem"
|
||||
state: present
|
||||
@@ -170,6 +170,7 @@
|
||||
remaining_days: 1
|
||||
terms_agreed: false
|
||||
account_email: ""
|
||||
acme_certificate_profile: "{{ 'default' if acme_supports_profiles else omit }}"
|
||||
acme_expected_root_number: 2
|
||||
select_chain:
|
||||
- test_certificates: last
|
||||
@@ -239,6 +240,8 @@
|
||||
terms_agreed: false
|
||||
account_email: ""
|
||||
use_csr_content: true
|
||||
acme_certificate_profile: "{{ '6days' if acme_supports_profiles else omit }}"
|
||||
acme_certificate_include_renewal_cert_id: when_ari_supported
|
||||
- name: Store obtain results for cert 5c
|
||||
set_fact:
|
||||
cert_5_recreate_2: "{{ challenge_data is changed }}"
|
||||
@@ -467,7 +470,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
retrieve_orders: ignore
|
||||
register: account_orders_not
|
||||
@@ -476,7 +479,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
retrieve_orders: url_list
|
||||
register: account_orders_urls
|
||||
@@ -485,7 +488,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
retrieve_orders: url_list
|
||||
register: account_orders_urls2
|
||||
@@ -494,7 +497,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
retrieve_orders: object_list
|
||||
register: account_orders_full
|
||||
@@ -503,7 +506,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec384.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
retrieve_orders: object_list
|
||||
register: account_orders_full2
|
||||
|
||||
@@ -29,7 +29,7 @@
|
||||
acme_certificate:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
modify_account: true
|
||||
@@ -43,7 +43,7 @@
|
||||
|
||||
- name: Inspect order
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
@@ -57,7 +57,7 @@
|
||||
|
||||
- name: Deactivate order (check mode)
|
||||
acme_certificate_deactivate_authz:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
@@ -68,7 +68,7 @@
|
||||
|
||||
- name: Inspect order again
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
@@ -82,7 +82,7 @@
|
||||
|
||||
- name: Deactivate order
|
||||
acme_certificate_deactivate_authz:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
@@ -92,7 +92,7 @@
|
||||
|
||||
- name: Inspect order again
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
@@ -106,7 +106,7 @@
|
||||
|
||||
- name: Deactivate order (check mode, idempotent)
|
||||
acme_certificate_deactivate_authz:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
@@ -117,7 +117,7 @@
|
||||
|
||||
- name: Inspect order again
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
@@ -131,7 +131,7 @@
|
||||
|
||||
- name: Deactivate order (idempotent)
|
||||
acme_certificate_deactivate_authz:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
@@ -141,7 +141,7 @@
|
||||
|
||||
- name: Inspect order again
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
|
||||
- name: Create ACME account
|
||||
acme_account:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -48,7 +48,7 @@
|
||||
|
||||
- name: Create certificate order
|
||||
acme_certificate_order_create:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -82,7 +82,7 @@
|
||||
|
||||
- name: Get order information
|
||||
acme_certificate_order_info:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -131,7 +131,7 @@
|
||||
|
||||
- name: Let the challenge be validated
|
||||
community.crypto.acme_certificate_order_validate:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -153,7 +153,7 @@
|
||||
|
||||
- name: Get order information
|
||||
acme_certificate_order_info:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -191,7 +191,7 @@
|
||||
|
||||
- name: Let the challenge be validated (idempotent)
|
||||
community.crypto.acme_certificate_order_validate:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -208,7 +208,7 @@
|
||||
|
||||
- name: Retrieve the cert and intermediate certificate
|
||||
community.crypto.acme_certificate_order_finalize:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -250,7 +250,7 @@
|
||||
|
||||
- name: Get order information
|
||||
acme_certificate_order_info:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -286,7 +286,7 @@
|
||||
|
||||
- name: Retrieve the cert and intermediate certificate (idempotent)
|
||||
community.crypto.acme_certificate_order_finalize:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -314,7 +314,7 @@
|
||||
|
||||
- name: Get order information
|
||||
acme_certificate_order_info:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
||||
@@ -54,7 +54,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: cert_1_renewal_1
|
||||
- name: Obtain certificate information (2/11)
|
||||
@@ -62,7 +62,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
remaining_days: 1000
|
||||
remaining_percentage: 0.5
|
||||
@@ -72,7 +72,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_content: "{{ slurp_cert_1.content | b64decode }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
now: +1800d
|
||||
register: cert_1_renewal_3
|
||||
@@ -81,7 +81,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
now: +1800d
|
||||
remaining_days: 30
|
||||
@@ -92,7 +92,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
now: +1800d
|
||||
remaining_days: 30
|
||||
@@ -103,7 +103,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
now: +1800d
|
||||
remaining_days: 10
|
||||
@@ -114,7 +114,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
now: +1830d
|
||||
register: cert_1_renewal_7
|
||||
@@ -122,7 +122,7 @@
|
||||
acme_certificate_renewal_info:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
now: +1830d
|
||||
register: cert_1_renewal_8
|
||||
@@ -131,7 +131,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-does-not-exist.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: cert_1_renewal_9
|
||||
- name: Create broken file
|
||||
@@ -145,7 +145,7 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-is-broken.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: cert_1_renewal_10
|
||||
ignore_errors: true
|
||||
@@ -155,6 +155,6 @@
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
certificate_path: "{{ remote_tmp_dir }}/cert-is-broken.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
register: cert_1_renewal_11
|
||||
|
||||
@@ -9,15 +9,8 @@
|
||||
####################################################################
|
||||
|
||||
- vars:
|
||||
# ARI and profiles have been added in https://github.com/ansible/ansible/pull/TODO
|
||||
# See also https://github.com/ansible/acme-test-container/pull/25
|
||||
supports_ari: "{{ ansible_version.full is version('2.19', '>=') }}"
|
||||
supports_profile: "{{ ansible_version.full is version('2.19', '>=') }}"
|
||||
|
||||
acme_certificate_profile: "{{ 'default' if supports_profile else omit }}"
|
||||
|
||||
acme_certificate_profile: "{{ 'default' if acme_supports_profiles else omit }}"
|
||||
block:
|
||||
|
||||
- block:
|
||||
- name: Running tests with OpenSSL backend
|
||||
include_tasks: impl.yml
|
||||
|
||||
@@ -61,7 +61,7 @@
|
||||
- cert_1_renewal_11.cert_id is not defined
|
||||
- cert_1_renewal_11.exists == true
|
||||
- cert_1_renewal_11.parsable == false
|
||||
when: not supports_ari
|
||||
when: not acme_supports_ari
|
||||
|
||||
- name: Validate results without ARI
|
||||
assert:
|
||||
@@ -81,24 +81,24 @@
|
||||
- cert_1_renewal_6.msg.startswith("The remaining percentage 3.0% of the certificate's lifespan was reached on ")
|
||||
- cert_1_renewal_6.supports_ari == false
|
||||
- cert_1_renewal_7.supports_ari == false
|
||||
when: not supports_ari
|
||||
when: not acme_supports_ari
|
||||
|
||||
- name: Validate results with ARI
|
||||
assert:
|
||||
that:
|
||||
- cert_1_renewal_1.supports_ari == supports_ari
|
||||
- cert_1_renewal_2.supports_ari == supports_ari
|
||||
- cert_1_renewal_1.supports_ari == true
|
||||
- cert_1_renewal_2.supports_ari == true
|
||||
- cert_1_renewal_3.should_renew == true
|
||||
- cert_1_renewal_3.msg == 'The suggested renewal interval provided by ARI is in the past'
|
||||
- cert_1_renewal_3.supports_ari == supports_ari
|
||||
- cert_1_renewal_3.supports_ari == true
|
||||
- cert_1_renewal_4.should_renew == true
|
||||
- cert_1_renewal_4.msg == 'The suggested renewal interval provided by ARI is in the past'
|
||||
- cert_1_renewal_4.supports_ari == supports_ari
|
||||
- cert_1_renewal_4.supports_ari == true
|
||||
- cert_1_renewal_5.should_renew == true
|
||||
- cert_1_renewal_5.msg == 'The suggested renewal interval provided by ARI is in the past'
|
||||
- cert_1_renewal_5.supports_ari == supports_ari
|
||||
- cert_1_renewal_5.supports_ari == true
|
||||
- cert_1_renewal_6.should_renew == true
|
||||
- cert_1_renewal_6.msg == 'The suggested renewal interval provided by ARI is in the past'
|
||||
- cert_1_renewal_6.supports_ari == supports_ari
|
||||
- cert_1_renewal_6.supports_ari == true
|
||||
- cert_1_renewal_7.supports_ari == false
|
||||
when: supports_ari
|
||||
when: acme_supports_ari
|
||||
|
||||
@@ -87,7 +87,7 @@
|
||||
account_key_src: "{{ remote_tmp_dir }}/account-ec256.pem"
|
||||
certificate: "{{ remote_tmp_dir }}/cert-1.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
ignore_errors: true
|
||||
register: cert_1_revoke
|
||||
@@ -98,7 +98,7 @@
|
||||
private_key_passphrase: "{{ 'hunter2' if select_crypto_backend != 'openssl' else omit }}"
|
||||
certificate: "{{ remote_tmp_dir }}/cert-2.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
ignore_errors: true
|
||||
register: cert_2_revoke
|
||||
@@ -112,7 +112,7 @@
|
||||
account_key_content: "{{ slurp_account_key.content | b64decode }}"
|
||||
certificate: "{{ remote_tmp_dir }}/cert-3-fullchain.pem"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
ignore_errors: true
|
||||
register: cert_3_revoke
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
|
||||
- name: Get directory
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
method: directory-only
|
||||
@@ -34,7 +34,7 @@
|
||||
|
||||
- name: Create an account
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -49,7 +49,7 @@
|
||||
|
||||
- name: Get account information
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -62,7 +62,7 @@
|
||||
|
||||
- name: Update account contacts
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -82,7 +82,7 @@
|
||||
|
||||
- name: Create certificate order
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -106,7 +106,7 @@
|
||||
|
||||
- name: Get order information
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -119,7 +119,7 @@
|
||||
|
||||
- name: Get authzs for order
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -133,7 +133,7 @@
|
||||
|
||||
- name: Get HTTP-01 challenge for authz
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -147,7 +147,7 @@
|
||||
|
||||
- name: Activate HTTP-01 challenge manually
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
@@ -162,7 +162,7 @@
|
||||
|
||||
- name: Get HTTP-01 challenge results
|
||||
acme_inspect:
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
acme_version: 2
|
||||
validate_certs: false
|
||||
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
|
||||
|
||||
@@ -8,5 +8,20 @@
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
- debug:
|
||||
msg: "ACME test container IP is {{ acme_host }}; OpenSSL version is {{ openssl_version.stdout }}; cryptography version is {{ cryptography_version.stdout }}"
|
||||
- name: Set ACME server information
|
||||
set_fact:
|
||||
# ARI and profiles have been added in https://github.com/ansible/ansible/pull/84547
|
||||
# See also https://github.com/ansible/acme-test-container/pull/25
|
||||
acme_supports_ari: "{{ ansible_version.full is version('2.19', '>=') }}"
|
||||
acme_supports_profiles: "{{ ansible_version.full is version('2.19', '>=') }}"
|
||||
acme_directory_url: "https://{{ acme_host }}:14000/dir"
|
||||
|
||||
- name: Print ACME server information
|
||||
debug:
|
||||
msg: |-
|
||||
ACME test container IP is {{ acme_host }}
|
||||
ACME directory: {{ acme_directory_url }}
|
||||
ACME server supports ARI: {{ acme_supports_ari }}
|
||||
ACME server supports profiles: {{ acme_supports_profiles }}
|
||||
OpenSSL version is {{ openssl_version.stdout }}
|
||||
cryptography version is {{ cryptography_version.stdout }}
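Review bot: `acme_supports_ari` and `acme_supports_profiles` in the new `set_fact` task are derived from `ansible_version.full`, not from the ACME server the tests talk to, so the fact names and the "ACME server supports ARI" debug line state more than the check establishes. Presumably the ansible-core version stands in for the acme-test-container version that ansible-test starts; if so, say that next to the two facts, e.g. `# ansible-core >= 2.19 is used as a proxy for a test container with ARI and profiles; the server itself is not queried`. If the container were ever updated independently of ansible-core, the ARI and non-ARI assertion branches would be selected wrongly. The lines of the file before this hunk are not visible here.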
|
||||
|
||||
@@ -32,7 +32,7 @@
|
||||
acme_certificate:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
|
||||
account_key_content: "{{ account_key_content | default(omit) }}"
|
||||
@@ -50,6 +50,7 @@
|
||||
terms_agreed: "{{ terms_agreed }}"
|
||||
account_email: "{{ account_email }}"
|
||||
profile: "{{ acme_certificate_profile | default(omit) }}"
|
||||
include_renewal_cert_id: "{{ acme_certificate_include_renewal_cert_id | default(omit) }}"
|
||||
register: challenge_data
|
||||
- name: ({{ certgen_title }}) Print challenge data
|
||||
debug:
|
||||
@@ -111,7 +112,7 @@
|
||||
acme_certificate:
|
||||
select_crypto_backend: "{{ select_crypto_backend }}"
|
||||
acme_version: 2
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
validate_certs: false
|
||||
account_key: "{{ (remote_tmp_dir ~ '/' ~ account_key ~ '.pem') if account_key_content is not defined else omit }}"
|
||||
account_key_content: "{{ account_key_content | default(omit) }}"
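Review bot: Both `acme_certificate` tasks in this file keep `validate_certs: false` while `acme_directory` now comes from the `acme_directory_url` fact, so TLS verification is off for whatever URL that fact holds rather than for a literal test-container address. A short comment on the option would record why that is acceptable here, e.g. `# test container uses a self-signed certificate; never reuse with a real CA`. The same pairing appears in the other task files this commit touches. Both tasks start and end outside their hunks.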
|
||||
|
||||
@@ -34,7 +34,7 @@
|
||||
csr_path: '{{ remote_tmp_dir }}/cert-1.csr'
|
||||
acme_accountkey_path: '{{ remote_tmp_dir }}/account.key'
|
||||
acme_challenge_path: '{{ remote_tmp_dir }}/challenges/'
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
environment:
|
||||
PATH: '{{ lookup("env", "PATH") }}:{{ remote_tmp_dir }}'
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
csr_path: '{{ remote_tmp_dir }}/cert-2.csr'
|
||||
acme_accountkey_path: '{{ remote_tmp_dir }}/account.key'
|
||||
acme_challenge_path: '{{ remote_tmp_dir }}/challenges/'
|
||||
acme_directory: https://{{ acme_host }}:14000/dir
|
||||
acme_directory: "{{ acme_directory_url }}"
|
||||
environment:
|
||||
PATH: '{{ lookup("env", "PATH") }}:{{ remote_tmp_dir }}'
|
||||
|
||||
|
||||