mirror of https://github.com/ansible/ansible.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
245 lines
7.4 KiB
YAML
245 lines
7.4 KiB
YAML
- name: Generate account key
|
|
command: openssl ecparam -name prime256v1 -genkey -out {{ output_dir }}/accountkey.pem
|
|
|
|
- name: Parse account key (to ease debugging some test failures)
|
|
command: openssl ec -in {{ output_dir }}/accountkey.pem -noout -text
|
|
|
|
- name: Do not try to create account
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
allow_creation: no
|
|
ignore_errors: yes
|
|
register: account_not_created
|
|
|
|
- name: Create it now (check mode, diff)
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
allow_creation: yes
|
|
terms_agreed: yes
|
|
contact:
|
|
- mailto:example@example.org
|
|
check_mode: yes
|
|
diff: yes
|
|
register: account_created_check
|
|
|
|
- name: Create it now
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
allow_creation: yes
|
|
terms_agreed: yes
|
|
contact:
|
|
- mailto:example@example.org
|
|
register: account_created
|
|
|
|
- name: Create it now (idempotent)
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
allow_creation: yes
|
|
terms_agreed: yes
|
|
contact:
|
|
- mailto:example@example.org
|
|
register: account_created_idempotent
|
|
|
|
- name: Change email address (check mode, diff)
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_content: "{{ lookup('file', output_dir ~ '/accountkey.pem') }}"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
# allow_creation: no
|
|
contact:
|
|
- mailto:example@example.com
|
|
check_mode: yes
|
|
diff: yes
|
|
register: account_modified_check
|
|
|
|
- name: Change email address
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_content: "{{ lookup('file', output_dir ~ '/accountkey.pem') }}"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
# allow_creation: no
|
|
contact:
|
|
- mailto:example@example.com
|
|
register: account_modified
|
|
|
|
- name: Change email address (idempotent)
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
|
account_uri: "{{ account_created.account_uri }}"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
# allow_creation: no
|
|
contact:
|
|
- mailto:example@example.com
|
|
register: account_modified_idempotent
|
|
|
|
- name: Cannot access account with wrong URI
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
|
account_uri: "{{ account_created.account_uri ~ '12345thisdoesnotexist' }}"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
contact: []
|
|
ignore_errors: yes
|
|
register: account_modified_wrong_uri
|
|
|
|
- name: Clear contact email addresses (check mode, diff)
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
# allow_creation: no
|
|
contact: []
|
|
check_mode: yes
|
|
diff: yes
|
|
register: account_modified_2_check
|
|
|
|
- name: Clear contact email addresses
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
# allow_creation: no
|
|
contact: []
|
|
register: account_modified_2
|
|
|
|
- name: Clear contact email addresses (idempotent)
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
# allow_creation: no
|
|
contact: []
|
|
register: account_modified_2_idempotent
|
|
|
|
- name: Generate new account key
|
|
command: openssl ecparam -name secp384r1 -genkey -out {{ output_dir }}/accountkey2.pem
|
|
|
|
- name: Parse account key (to ease debugging some test failures)
|
|
command: openssl ec -in {{ output_dir }}/accountkey2.pem -noout -text
|
|
|
|
- name: Change account key (check mode, diff)
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
new_account_key_src: "{{ output_dir }}/accountkey2.pem"
|
|
state: changed_key
|
|
contact:
|
|
- mailto:example@example.com
|
|
check_mode: yes
|
|
diff: yes
|
|
register: account_change_key_check
|
|
|
|
- name: Change account key
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
new_account_key_src: "{{ output_dir }}/accountkey2.pem"
|
|
state: changed_key
|
|
contact:
|
|
- mailto:example@example.com
|
|
register: account_change_key
|
|
|
|
- name: Deactivate account (check mode, diff)
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey2.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: absent
|
|
check_mode: yes
|
|
diff: yes
|
|
register: account_deactivate_check
|
|
|
|
- name: Deactivate account
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey2.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: absent
|
|
register: account_deactivate
|
|
|
|
- name: Deactivate account (idempotent)
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey2.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: absent
|
|
register: account_deactivate_idempotent
|
|
|
|
- name: Do not try to create account II
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey2.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
allow_creation: no
|
|
ignore_errors: yes
|
|
register: account_not_created_2
|
|
|
|
- name: Do not try to create account III
|
|
acme_account:
|
|
select_crypto_backend: "{{ select_crypto_backend }}"
|
|
account_key_src: "{{ output_dir }}/accountkey.pem"
|
|
acme_version: 2
|
|
acme_directory: https://{{ acme_host }}:14000/dir
|
|
validate_certs: no
|
|
state: present
|
|
allow_creation: no
|
|
ignore_errors: yes
|
|
register: account_not_created_3
|