Commit Graph

8 Commits (74b0760cb4df7437879b6d7228d2875cee558cb7)

Author SHA1 Message Date
Felix Fontein b0c7efcc6b ACME: add diff to acme_account, account_public_key to acme_account_facts, and general refactoring (#49410)
* Only one exit point.

* Refactoring account handling.

* Add diff support for acme_account.

* Insert public_account_key into acme_account_facts result and into acme_account diff.

* Add changelog.
6 years ago
Felix Fontein ad0d10db0d ACME: improve tests (new Pebble version, strict mode) (#44518)
* Bump ACME test container version.

* Re-adding key rollover test.
6 years ago
Felix Fontein cfba02bc3b Allowing to force account URI. (#44282) 6 years ago
Felix Fontein d8d366ef37 ACME: using new acme-test-container (#44095)
* Using new acme-test-container image.

* Add test for cleaning account contacts.
6 years ago
Felix Fontein aef16ee195 ACME: use Cryptography (if a new enough version is available) instead of OpenSSL (#42170)
* Collecting PEM -> DER conversions.

* Using cryptography instead of OpenSSL binary in some situations.

* Moving key-to-disk writing for key content to parse_account_key.

* Rename parse_account_key -> parse_key.

* Move OpenSSL specific code for key parsing and request signing into global functions.

* Also using cryptography for key parsing and request signing.

* Remove assert statements.

* Fixing handling of key contents for cryptography code path.

* Allow to disable the use of cryptography.

* Updating documentation.

* 1.5 seems to work as well (earlier versions don't have EC sign function). Making Python 2.x adjustments.

* Changing option to select_crypto_backend.

* Python 2.6 compatibility.

* Trying to test both backends separately for acme_account.

* Also testing both backends separately for acme_certificate and acme_certificate_revoke.

* Adding changelog entry which informs about select_crypto_backend option in case autodetect fails.

* Fixing YAML.
6 years ago
Felix Fontein e0e6fe5cf7 Forgot to include validations. 6 years ago
Felix Fontein d4c16f51be New acme_* integration test using ACME test docker container (#41626)
* Using ACME test container for acme_account integration test.

* Removing dependency on setup_openssl. Waiting for controller and Pebble.

* More tinkering.

* Reducing number of tries.

* One more try.

* Another try.

* Added acme_certificate tests.

* Removed double key.

* Added tests for acme_certificate_revoke.

* Making task names more meaningful (during certificate generation).

* Using newer test container which integrates letsencrypt/pebble#137. Adding test for revoking certificate by its private key.

* Using new version of Pebble which limits the random auth delay.

* Simplifying certificates for revocation tests.

* Reworking acme_certificate tests (there are now more, but they are faster).

* Test whether account_key_content works.

* Preparing TLS-ALPN-01 support.

* Using official Ansible image of testing container on quay.io.

* Bumping version.

* Bumping version of test container to 1.1.0.

* Adjusting to new CI group names.

* Pass ACME simulator IP as playbook variable.

* Let test plugin wait for controller and CA endpoints to become active.

* Refactor common setup parts of tests to setup_acme.

* _ -> dummy

* Moving common obtain-cert.yml to setup_acme.
6 years ago
Felix Fontein dec392793b Letsencrypt: add account management module (#37275)
* Removed superfluous space.

* Separating account init code from ACMEAccount constructor.

* Extracted module utils and docs fragment.

* Added new letsencrypt_account module.

* Ignore pre-1.0.0 versions of OpenSSL.

* Added account key rollover.

* Renaming letsencrypt_account -> acme_account

* Simplifying check for updating contact information.

* Rewriting docstring for ACMEDirectory.

* Changing license according to permissions given by individual authors in https://github.com/ansible/ansible/pull/37275.

* Updating BOTMETA.

* Preparing for change of ACME protocol currently discussed in ietf-wg-acme/acme.

* Updating documentation.
7 years ago