ACME: improve acme_certificate docs, include cert_id in acme_certificate_renewal_info return value (#747)

* Use community.dns.quote_txt filter instead of regex replace to quote TXT entry value. * Fix documentation of acme_certificate's challenge_data return value. * Also return cert_id from acme_certificate_renewal_info module. * The cert ID cannot be computed if the certificate has no AKI. This happens with older Pebble versions, which are used when testing against older ansible-core/-base/Ansible versions. * Fix AKI extraction for older OpenSSL versions.
2026-05-07 22:03:01 +00:00 · 2024-05-04 23:38:57 +02:00
parent 59606d48ad
commit 553ab45f46
14 changed files with 323 additions and 115 deletions
--- a/tests/integration/targets/acme_certificate_renewal_info/tasks/impl.yml
+++ b/tests/integration/targets/acme_certificate_renewal_info/tasks/impl.yml
@@ -38,6 +38,9 @@
    terms_agreed: true
    account_email: "example@example.org"
 ## OBTAIN CERTIFICATE INFOS ###################################################################
+- name: Dump OpenSSL x509 info
+  command:
+    cmd: openssl x509 -in {{ remote_tmp_dir }}/cert-1.pem -noout -text
 - name: Obtain certificate information
  x509_certificate_info:
    path: "{{ remote_tmp_dir }}/cert-1.pem"
@@ -46,7 +49,7 @@
  slurp:
    src: '{{ remote_tmp_dir }}/cert-1.pem'
  register: slurp_cert_1
- name: Obtain certificate information (1/6)
+- name: Obtain certificate information (1/9)
  acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
@@ -55,7 +58,7 @@
    validate_certs: false
    # Certificate is valid for ~1826 days
  register: cert_1_renewal_1
- name: Obtain certificate information (2/6)
+- name: Obtain certificate information (2/9)
  acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
@@ -66,7 +69,7 @@
    remaining_days: 1000
    remaining_percentage: 0.5
  register: cert_1_renewal_2
- name: Obtain certificate information (3/6)
+- name: Obtain certificate information (3/9)
  acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_content: "{{ slurp_cert_1.content | b64decode }}"
@@ -76,7 +79,7 @@
    now: +1800d
    # Certificate is valid for ~26 days
  register: cert_1_renewal_3
- name: Obtain certificate information (4/6)
+- name: Obtain certificate information (4/9)
  acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
@@ -88,7 +91,7 @@
    remaining_days: 30
    remaining_percentage: 0.1
  register: cert_1_renewal_4
- name: Obtain certificate information (5/6)
+- name: Obtain certificate information (5/9)
  acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
@@ -100,7 +103,7 @@
    remaining_days: 30
    remaining_percentage: 0.01
  register: cert_1_renewal_5
- name: Obtain certificate information (6/6)
+- name: Obtain certificate information (6/9)
  acme_certificate_renewal_info:
    select_crypto_backend: "{{ select_crypto_backend }}"
    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
@@ -112,3 +115,31 @@
    remaining_days: 10
    remaining_percentage: 0.03
  register: cert_1_renewal_6
+- name: Obtain certificate information (7/9)
+  acme_certificate_renewal_info:
+    select_crypto_backend: "{{ select_crypto_backend }}"
+    certificate_path: "{{ remote_tmp_dir }}/cert-1.pem"
+    acme_version: 2
+    acme_directory: https://{{ acme_host }}:14000/dir
+    validate_certs: false
+    now: +1830d
+    # Certificate is no longer valid
+  register: cert_1_renewal_7
+- name: Obtain certificate information (8/9)
+  acme_certificate_renewal_info:
+    select_crypto_backend: "{{ select_crypto_backend }}"
+    acme_version: 2
+    acme_directory: https://{{ acme_host }}:14000/dir
+    validate_certs: false
+    now: +1830d
+    # Certificate is no longer valid
+  register: cert_1_renewal_8
+- name: Obtain certificate information (9/9)
+  acme_certificate_renewal_info:
+    select_crypto_backend: "{{ select_crypto_backend }}"
+    certificate_path: "{{ remote_tmp_dir }}/cert-does-not-exist.pem"
+    acme_version: 2
+    acme_directory: https://{{ acme_host }}:14000/dir
+    validate_certs: false
+    # Certificate is no longer valid
+  register: cert_1_renewal_9
--- a/tests/integration/targets/acme_certificate_renewal_info/tests/validate.yml
+++ b/tests/integration/targets/acme_certificate_renewal_info/tests/validate.yml
@@ -9,20 +9,39 @@
      - cert_1_renewal_1.should_renew == false
      - cert_1_renewal_1.msg == 'The certificate is still valid and no condition was reached'
      - cert_1_renewal_1.supports_ari == supports_ari
+      - cert_1_renewal_1.cert_id is string or not can_have_cert_id
      - cert_1_renewal_2.should_renew == false
      - cert_1_renewal_2.msg == 'The certificate is still valid and no condition was reached'
      - cert_1_renewal_2.supports_ari == supports_ari
+      - cert_1_renewal_2.cert_id is string or not can_have_cert_id
      - cert_1_renewal_3.should_renew == false
      - cert_1_renewal_3.msg == 'The certificate is still valid and no condition was reached'
      - cert_1_renewal_3.supports_ari == supports_ari
+      - cert_1_renewal_3.cert_id is string or not can_have_cert_id
      - cert_1_renewal_4.should_renew == true
      - cert_1_renewal_4.msg == 'The certificate expires in 25 days'
      - cert_1_renewal_4.supports_ari == supports_ari
+      - cert_1_renewal_4.cert_id is string or not can_have_cert_id
      - cert_1_renewal_5.should_renew == true
      - cert_1_renewal_5.msg == 'The certificate expires in 25 days'
      - cert_1_renewal_5.supports_ari == supports_ari
+      - cert_1_renewal_5.cert_id is string or not can_have_cert_id
      - cert_1_renewal_6.should_renew == true
      - cert_1_renewal_6.msg.startswith("The remaining percentage 3.0% of the certificate's lifespan was reached on ")
      - cert_1_renewal_6.supports_ari == supports_ari
+      - cert_1_renewal_6.cert_id is string or not can_have_cert_id
+      - cert_1_renewal_7.should_renew == true
+      - cert_1_renewal_7.msg == 'The certificate has already expired'
+      - cert_1_renewal_7.supports_ari == false
+      - cert_1_renewal_7.cert_id is string or not can_have_cert_id
+      - cert_1_renewal_8.should_renew == true
+      - cert_1_renewal_8.msg == 'No certificate was specified'
+      - cert_1_renewal_8.supports_ari == false
+      - cert_1_renewal_8.cert_id is not defined
+      - cert_1_renewal_9.should_renew == true
+      - cert_1_renewal_9.msg == 'The certificate file does not exist'
+      - cert_1_renewal_9.supports_ari == false
+      - cert_1_renewal_9.cert_id is not defined
  vars:
+    can_have_cert_id: cert_1_info.authority_key_identifier is string
    supports_ari: false