
    Vh7                         d dl mZmZmZ eZdZdZdZd dl	Z	d dl
mZ d dlmZmZmZ d dlmZmZ d	 Zed
k(  r e        yy)    )absolute_importdivisionprint_functiona  
module: acme_account
author: "Felix Fontein (@felixfontein)"
short_description: Create, modify or delete ACME accounts
description:
  - Allows creating, modifying or deleting accounts with a CA supporting the L(ACME protocol,https://tools.ietf.org/html/rfc8555),
    such as L(Let's Encrypt,https://letsencrypt.org/).
  - This module only works with the ACME v2 protocol.
notes:
  - The M(community.crypto.acme_certificate) module also allows basic account management. When using both modules, it
    is recommended to disable account management for M(community.crypto.acme_certificate). For that, use the
    O(community.crypto.acme_certificate#module:modify_account) option of M(community.crypto.acme_certificate).
seealso:
  - name: Automatic Certificate Management Environment (ACME)
    description: The specification of the ACME protocol (RFC 8555).
    link: https://tools.ietf.org/html/rfc8555
  - module: community.crypto.acme_account_info
    description: Retrieves facts about an ACME account.
  - module: community.crypto.openssl_privatekey
    description: Can be used to create a private account key.
  - module: community.crypto.openssl_privatekey_pipe
    description: Can be used to create a private account key without writing it to disk.
  - module: community.crypto.acme_inspect
    description: Can be used to debug problems with an ACME server.
extends_documentation_fragment:
  - community.crypto.acme.basic
  - community.crypto.acme.account
  - community.crypto.attributes
  - community.crypto.attributes.actiongroup_acme
attributes:
  check_mode:
    support: full
  diff_mode:
    support: full
  idempotent:
    support: partial
    details:
      - If O(state=changed_key) is used, the module is not idempotent.
options:
  state:
    description:
      - The state of the account, to be identified by its account key.
      - If the state is V(absent), the account will either not exist or be deactivated.
      - If the state is V(changed_key), the account must exist. The account key will be changed; no other information will
        be touched.
    type: str
    required: true
    choices:
      - present
      - absent
      - changed_key
  allow_creation:
    description:
      - Whether account creation is allowed (when state is V(present)).
    type: bool
    default: true
  contact:
    description:
      - A list of contact URLs.
      - Email addresses must be prefixed with C(mailto:).
      - See U(https://tools.ietf.org/html/rfc8555#section-7.3) for what is allowed.
      - Must be specified when state is V(present). Will be ignored if state is V(absent) or V(changed_key).
    type: list
    elements: str
    default: []
  terms_agreed:
    description:
      - Boolean indicating whether you agree to the terms of service document.
      - ACME servers can require this to be V(true).
    type: bool
    default: false
  new_account_key_src:
    description:
      - Path to a file containing the ACME account RSA or Elliptic Curve key to change to.
      - Same restrictions apply as to O(account_key_src).
      - Mutually exclusive with O(new_account_key_content).
      - Required if O(new_account_key_content) is not used and O(state) is V(changed_key).
    type: path
  new_account_key_content:
    description:
      - Content of the ACME account RSA or Elliptic Curve key to change to.
      - Same restrictions apply as to O(account_key_content).
      - Mutually exclusive with O(new_account_key_src).
      - Required if O(new_account_key_src) is not used and O(state) is V(changed_key).
    type: str
  new_account_key_passphrase:
    description:
      - Passphrase to use to decrypt the new account key.
      - B(Note:) this is not supported by the C(openssl) backend, only by the C(cryptography) backend.
    type: str
    version_added: 1.6.0
  external_account_binding:
    description:
      - Allows providing external account binding data during account creation.
      - This is used by CAs like Sectigo, HARICA, or ZeroSSL to bind a new ACME account to an existing CA-specific account,
        to be able to properly identify a customer.
      - Only used when creating a new account. Cannot be specified for ACME v1.
    type: dict
    suboptions:
      kid:
        description:
          - The key identifier provided by the CA.
        type: str
        required: true
      alg:
        description:
          - The MAC algorithm provided by the CA.
          - If not specified by the CA, this is probably V(HS256).
        type: str
        required: true
        choices: [HS256, HS384, HS512]
      key:
        description:
          - Base64 URL encoded value of the MAC key provided by the CA.
          - Padding (V(=) symbols at the end) can be omitted.
        type: str
        required: true
    version_added: 1.1.0
a  
---
- name: Make sure account exists and has given contacts. We agree to TOS.
  community.crypto.acme_account:
    account_key_src: /etc/pki/cert/private/account.key
    state: present
    terms_agreed: true
    contact:
      - mailto:me@example.com
      - mailto:myself@example.org

- name: Make sure account has given email address. Do not create account if it does not exist
  community.crypto.acme_account:
    account_key_src: /etc/pki/cert/private/account.key
    state: present
    allow_creation: false
    contact:
      - mailto:me@example.com

- name: Change account's key to the one stored in the variable new_account_key
  community.crypto.acme_account:
    account_key_src: /etc/pki/cert/private/account.key
    new_account_key_content: '{{ new_account_key }}'
    state: changed_key

- name: Deactivate account (after the key change above, the new key must be used)
  community.crypto.acme_account:
    account_key_content: '{{ new_account_key }}'
    state: absent
zq
account_uri:
  description: ACME account URI, or None if the account does not exist.
  returned: always
  type: str
N)ACMEAccount)
ACMEClientcreate_backendcreate_default_argspec)KeyParsingErrorModuleFailExceptionc                  
   t               } | j                  t        dd      t        ddg d      t        dd      t        ddg 	      t        d
      t        dd      t        dd      t        dt        t        dd      t        ddg d      t        ddd                         | j                  ddgfddddgdgf       | j	                  d      }t        |d      }|j                  d   rb|j                  d   d   }t        |      dz  dk7  r|ddt        |      dz  z
  z  z   }	 t        j                  |       ||j                  d   d<   	 t        ||      }t        |      }d}|j                  j                  d      }i }	i }
|d!k(  r{|j                  d"      \  }}|rt        |      }	|j                   d#   |	d$<   |rt#        d%      ||j$                  s'd&d'i}|j'                  |j(                  |d(d)g*      \  }}d}n|d+k(  r|j                  j                  d,      }|j                  j                  d-      D cg c]  }t+        |       }}|j                  j                  d.      }|j                  j                  d      }|j                  ||||/      \  }}|t-        d0       |ri }	nt        |      }	|j                   d#   |	d$<   d}|s|j/                  ||      \  }}|xs |}t        |      }
|j                   d#   |
d$<   nz|dk(  rt	 |j1                  |j                  j                  d      |j                  j                  d      |j                  j                  d1      2      }|j                  d"      \  }}|rt#        d%      |t-        d0       t        |      }	|j                   d#   |	d$<   |j$                  s|j8                  d4   }|d5   |d#   |d6}|j(                  |d#   |j:                  d7}|j=                  |||      }|j'                  ||d8d)g*      \  }}|j>                  rA||_        |d5   |j@                  d5<   |jC                         }
n|j>                  rt        |	      }
|d#   |
d$<   d}||j(                  d9}|j>                  r|	|
d:|d;<    |jD                  d<i | y # t        $ r }|j                  d|z          Y d }~d }~ww xY wc c}w # t2        $ r*}t-        d3j5                  |j6                               d }~ww xY w# t,        $ r}|jG                  |       Y d }~y d }~ww xY w)=NboolF)typedefaultstrT)absentpresentchanged_key)r   requiredchoiceslist)r   elementsr   path)r   )r   no_logdict)r   r   )HS256HS384HS512)r   r   r   )kidalgkey)r   options)terms_agreedstateallow_creationcontactnew_account_key_srcnew_account_key_contentnew_account_key_passphraseexternal_account_bindingr&   r'   r#   r   )mutually_exclusiverequired_if)supports_check_moder)   r       r   =z@Key for external_account_binding must be Base64 URL encoded (%s))msgr   )r$   jwkpublic_account_keyzUnwanted account creationstatusdeactivatedzFailed to deactivate account   )	error_msgexpected_status_codesr   r$   r%   r"   )r"   r$   r)   z)Account does not exist or is deactivated.r(   )
passphrasez*Error while parsing new account key: {msg}	keyChanger   )r   r0   url)accountnewKeyoldKeyzFailed to rollover account key)changedaccount_uri)beforeafterdiff )$r	   update_argspecr   updatecreate_ansible_moduler   paramslenbase64urlsafe_b64decode	Exception	fail_jsonr   r   getsetup_accountaccount_key_dataAssertionError
check_modesend_signed_requestr>   r   r   update_account	parse_keyr
   formatr/   	directoryaccount_jwksign_request_diffaccount_jws_headerget_account_data	exit_jsondo_fail)argument_specmodulebackendr    eclientr:   r=   r#   diff_before
diff_aftercreatedaccount_datapayloadresultinfor$   vr%   r"   r)   updatednew_key_datar9   	protecteddatas                             q/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/crypto/plugins/modules/acme_account.pymainro      s   *,M  vu5/S
 6&5"= f- $% =#'U4#@!%ed37R ed4@	"
 ! * 24MNP
 &(AB		
   00T0JFVT*G}}/0mm67>s8a<1SX\ 234C	$$S) <?01%8uFG,f%!!'*
H$+$9$9$9$O!G\"<04:4K4KE4R01$%@AA'(('7G#)#=#=**"@/2e	 $> $LFD i#]]../?@N'-}}'8'8'CD!s1vDGD!==,,^<L'-}}'8'89S'T$$+$9$9)-)A	 %: %!G\ #)C   "<04:4K4KE4R01G(/(>(>|W(U%(Gl+J/5/F/Fu/MJ+,m#	%//MM%%&;<MM%%&?@%}}001MN  0   %,$9$9$9$O!G\$%@AA#)C  |,K060G0G0NK,-$$ &&{3'.'.	  &11*51$00
 **9g|L%99>+.%	  :   <<.:F+7CE7JF--e4!(!9!9!;J!+.
/;E/BJ+,G!--
 <<%#F6N 	"6"u  	V   	F E@ # )@GGAEEGR p  			&sj   5S C6T: S?%CT: *AT 	E	T: 	S<S77S<?T: 	T7%T22T77T: :	UUU__main__)
__future__r   r   r   r   __metaclass__DOCUMENTATIONEXAMPLESRETURNrH   Fansible_collections.community.crypto.plugins.module_utils.acme.accountr   Cansible_collections.community.crypto.plugins.module_utils.acme.acmer   r   r	   Eansible_collections.community.crypto.plugins.module_utils.acme.errorsr
   r   ro   __name__rB       rn   <module>r{      s`    A @ vp>
  
k\ zF rz   