acme_certificate: improve alternate chain handling (#60742)

* Improve alternate chain handling.

* Fix chain handling.
pull/61203/head
Felix Fontein 5 years ago committed by ansibot
parent d06930d6f6
commit d31876416b

@ -390,6 +390,11 @@ all_chains:
returned: when certificate was retrieved and I(retrieve_all_alternates) is set to C(yes) returned: when certificate was retrieved and I(retrieve_all_alternates) is set to C(yes)
type: list type: list
contains: contains:
cert:
description:
- The leaf certificate itself, in PEM format.
type: str
returned: always
chain: chain:
description: description:
- The certificate chain, excluding the root, as concatenated PEM certificates. - The certificate chain, excluding the root, as concatenated PEM certificates.
@ -917,22 +922,19 @@ class ACMEClient(object):
except ModuleFailException as e: except ModuleFailException as e:
self.module.warn('Error while downloading alternative certificate {0}: {1}'.format(alternate, e)) self.module.warn('Error while downloading alternative certificate {0}: {1}'.format(alternate, e))
continue continue
alt_chain = alt_cert.get('chain', []) alternate_chains.append(alt_cert)
if alt_chain:
alternate_chains.append(alt_chain)
else:
self.module.warn('Alternative certificate {0} chain is empty'.format(alternate))
self.all_chains = [] self.all_chains = []
def _append_all_chains(chain): def _append_all_chains(cert_data):
self.all_chains.append(dict( self.all_chains.append(dict(
chain=("\n".join(chain)).encode('utf8'), cert=cert_data['cert'].encode('utf8'),
full_chain=(cert['cert'] + "\n".join(chain)).encode('utf8'), chain=("\n".join(cert_data.get('chain', []))).encode('utf8'),
full_chain=(cert_data['cert'] + "\n".join(cert_data.get('chain', []))).encode('utf8'),
)) ))
_append_all_chains(cert.get('chain', [])) _append_all_chains(cert)
for alt_chain in alternate_chains: for alt_chain in alternate_chains:
_append_all_chains(alt_chain.get('chain', [])) _append_all_chains(alt_chain)
if cert['cert'] is not None: if cert['cert'] is not None:
pem_cert = cert['cert'] pem_cert = cert['cert']
