internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-05-06 13:22:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ded8568802b90dfaa1732042c6855400a99e0976
community.crypto/tests/integration/targets/acme_inspect/tasks/impl.yml
Felix Fontein 99d6a17653 Fix some ansible-lint issues (#907) (#908) 
* Fix fqcn[action-core].

* Fix fqcn[action].

* Fix jinja[spacing].

(cherry picked from commit 8792635bef)
2025-05-30 22:43:43 +02:00

179 lines
6.1 KiB
YAML
Raw Blame History

---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- block:
- name: Generate account keys
community.crypto.openssl_privatekey:
path: "{{ remote_tmp_dir }}/{{ item }}.pem"
type: ECC
curve: secp256r1
force: true
loop: "{{ account_keys }}"
- name: Parse account keys (to ease debugging some test failures)
community.crypto.openssl_privatekey_info:
path: "{{ remote_tmp_dir }}/{{ item }}.pem"
return_private_key_data: true
loop: "{{ account_keys }}"
vars:
account_keys:
- accountkey
- name: Get directory
community.crypto.acme_inspect:
acme_directory: "{{ acme_directory_url }}"
acme_version: 2
validate_certs: false
method: directory-only
select_crypto_backend: "{{ select_crypto_backend }}"
register: directory
- ansible.builtin.debug: var=directory
- name: Create an account
community.crypto.acme_inspect:
acme_directory: "{{ acme_directory_url }}"
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
url: "{{ directory.directory.newAccount }}"
method: post
content: '{"termsOfServiceAgreed":true}'
select_crypto_backend: "{{ select_crypto_backend }}"
register: account_creation
# account_creation.headers.location contains the account URI
# if creation was successful
- ansible.builtin.debug: var=account_creation
- name: Get account information
community.crypto.acme_inspect:
acme_directory: "{{ acme_directory_url }}"
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ account_creation.headers.location }}"
method: get
select_crypto_backend: "{{ select_crypto_backend }}"
register: account_get
- ansible.builtin.debug: var=account_get
- name: Update account contacts
community.crypto.acme_inspect:
acme_directory: "{{ acme_directory_url }}"
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ account_creation.headers.location }}"
method: post
content: '{{ account_info | to_json }}'
select_crypto_backend: "{{ select_crypto_backend }}"
vars:
account_info:
# For valid values, see
# https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3
contact:
- mailto:me@example.com
register: account_update
- ansible.builtin.debug: var=account_update
- name: Create certificate order
community.crypto.acme_inspect:
acme_directory: "{{ acme_directory_url }}"
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ directory.directory.newOrder }}"
method: post
content: '{{ create_order | to_json }}'
select_crypto_backend: "{{ select_crypto_backend }}"
vars:
create_order:
# For valid values, see
# https://www.rfc-editor.org/rfc/rfc8555.html#section-7.4 and
# https://www.rfc-editor.org/rfc/rfc8738.html
identifiers:
- type: dns
value: example.com
- type: dns
value: example.org
register: new_order
- ansible.builtin.debug: var=new_order
- name: Get order information
community.crypto.acme_inspect:
acme_directory: "{{ acme_directory_url }}"
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ new_order.headers.location }}"
method: get
select_crypto_backend: "{{ select_crypto_backend }}"
register: order
- ansible.builtin.debug: var=order
- name: Get authzs for order
community.crypto.acme_inspect:
acme_directory: "{{ acme_directory_url }}"
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ item }}"
method: get
select_crypto_backend: "{{ select_crypto_backend }}"
loop: "{{ order.output_json.authorizations }}"
register: authz
- ansible.builtin.debug: var=authz
- name: Get HTTP-01 challenge for authz
community.crypto.acme_inspect:
acme_directory: "{{ acme_directory_url }}"
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ (item.challenges | selectattr('type', 'equalto', 'http-01') | list)[0].url }}"
method: get
select_crypto_backend: "{{ select_crypto_backend }}"
register: http01challenge
loop: "{{ authz.results | map(attribute='output_json') | list }}"
- ansible.builtin.debug: var=http01challenge
- name: Activate HTTP-01 challenge manually
community.crypto.acme_inspect:
acme_directory: "{{ acme_directory_url }}"
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ item.url }}"
method: post
content: '{}'
select_crypto_backend: "{{ select_crypto_backend }}"
register: activation
loop: "{{ http01challenge.results | map(attribute='output_json') | list }}"
- ansible.builtin.debug: var=activation
- name: Get HTTP-01 challenge results
community.crypto.acme_inspect:
acme_directory: "{{ acme_directory_url }}"
acme_version: 2
validate_certs: false
account_key_src: "{{ remote_tmp_dir }}/accountkey.pem"
account_uri: "{{ account_creation.headers.location }}"
url: "{{ item.url }}"
method: get
select_crypto_backend: "{{ select_crypto_backend }}"
register: validation_result
loop: "{{ http01challenge.results | map(attribute='output_json') | list }}"
until: "validation_result.output_json.status not in ['pending', 'processing']"
retries: 20
delay: 1
- ansible.builtin.debug: var=validation_result
Reference in New Issue View Git Blame Copy Permalink