Ë ÇVh¸.ãó€—ddlmZmZmZeZdZdZdZddl m Z m Z m Z ddl mZmZmZddlmZmZd„Zed k(re«y y ) é)Úabsolute_importÚdivisionÚprint_functiona module: acme_inspect author: "Felix Fontein (@felixfontein)" short_description: Send direct requests to an ACME server description: - Allows to send direct requests to an ACME server with the L(ACME protocol,https://tools.ietf.org/html/rfc8555), which is supported by CAs such as L(Let's Encrypt,https://letsencrypt.org/). - This module can be used to debug failed certificate request attempts, for example when M(community.crypto.acme_certificate) fails or encounters a problem which you wish to investigate. - The module can also be used to directly access features of an ACME servers which are not yet supported by the Ansible ACME modules. notes: - The O(account_uri) option must be specified for properly authenticated ACME v2 requests (except a C(new-account) request). - "Using the C(ansible) tool, M(community.crypto.acme_inspect) can be used to directly execute ACME requests without the need of writing a playbook. For example, the following command retrieves the ACME account with ID 1 from Let's Encrypt (assuming C(/path/to/key) is the correct private account key): C(ansible localhost -m acme_inspect -a \"account_key_src=/path/to/key acme_directory=https://acme-v02.api.letsencrypt.org/directory acme_version=2 account_uri=https://acme-v02.api.letsencrypt.org/acme/acct/1 method=get url=https://acme-v02.api.letsencrypt.org/acme/acct/1\")." seealso: - name: Automatic Certificate Management Environment (ACME) description: The specification of the ACME protocol (RFC 8555). link: https://tools.ietf.org/html/rfc8555 - name: ACME TLS ALPN Challenge Extension description: The specification of the C(tls-alpn-01) challenge (RFC 8737). link: https://www.rfc-editor.org/rfc/rfc8737.html extends_documentation_fragment: - community.crypto.acme.basic - community.crypto.acme.account - community.crypto.attributes - community.crypto.attributes.actiongroup_acme attributes: check_mode: support: none diff_mode: support: none idempotent: support: none options: url: description: - The URL to send the request to. - Must be specified if O(method) is not V(directory-only). type: str method: description: - The method to use to access the given URL on the ACME server. - The value V(post) executes an authenticated POST request. The content must be specified in the O(content) option. - The value V(get) executes an authenticated POST-as-GET request for ACME v2, and a regular GET request for ACME v1. - The value V(directory-only) only retrieves the directory, without doing a request. type: str default: get choices: - get - post - directory-only content: description: - An encoded JSON object which will be sent as the content if O(method) is V(post). - Required when O(method) is V(post), and not allowed otherwise. type: str fail_on_acme_error: description: - If O(method) is V(post) or V(get), make the module fail in case an ACME error is returned. type: bool default: true aÖ --- - name: Get directory community.crypto.acme_inspect: acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory acme_version: 2 method: directory-only register: directory - name: Create an account community.crypto.acme_inspect: acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory acme_version: 2 account_key_src: /etc/pki/cert/private/account.key url: "{{ directory.newAccount}}" method: post content: '{"termsOfServiceAgreed":true}' register: account_creation # account_creation.headers.location contains the account URI # if creation was successful - name: Get account information community.crypto.acme_inspect: acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory acme_version: 2 account_key_src: /etc/pki/cert/private/account.key account_uri: "{{ account_creation.headers.location }}" url: "{{ account_creation.headers.location }}" method: get - name: Update account contacts community.crypto.acme_inspect: acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory acme_version: 2 account_key_src: /etc/pki/cert/private/account.key account_uri: "{{ account_creation.headers.location }}" url: "{{ account_creation.headers.location }}" method: post content: '{{ account_info | to_json }}' vars: account_info: # For valid values, see # https://tools.ietf.org/html/rfc8555#section-7.3 contact: - mailto:me@example.com - name: Create certificate order community.crypto.acme_certificate: acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory acme_version: 2 account_key_src: /etc/pki/cert/private/account.key account_uri: "{{ account_creation.headers.location }}" csr: /etc/pki/cert/csr/sample.com.csr fullchain_dest: /etc/httpd/ssl/sample.com-fullchain.crt challenge: http-01 register: certificate_request # Assume something went wrong. certificate_request.order_uri contains # the order URI. - name: Get order information community.crypto.acme_inspect: acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory acme_version: 2 account_key_src: /etc/pki/cert/private/account.key account_uri: "{{ account_creation.headers.location }}" url: "{{ certificate_request.order_uri }}" method: get register: order - name: Get first authz for order community.crypto.acme_inspect: acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory acme_version: 2 account_key_src: /etc/pki/cert/private/account.key account_uri: "{{ account_creation.headers.location }}" url: "{{ order.output_json.authorizations[0] }}" method: get register: authz - name: Get HTTP-01 challenge for authz community.crypto.acme_inspect: acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory acme_version: 2 account_key_src: /etc/pki/cert/private/account.key account_uri: "{{ account_creation.headers.location }}" url: "{{ authz.output_json.challenges | selectattr('type', 'equalto', 'http-01') }}" method: get register: http01challenge - name: Activate HTTP-01 challenge manually community.crypto.acme_inspect: acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory acme_version: 2 account_key_src: /etc/pki/cert/private/account.key account_uri: "{{ account_creation.headers.location }}" url: "{{ http01challenge.url }}" method: post content: '{}' aË directory: description: The ACME directory's content. returned: always type: dict sample: { "a85k3x9f91A4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": ["letsencrypt.org"], "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org", }, "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct", "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order", "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert" } headers: description: The request's HTTP headers (with lowercase keys). returned: always type: dict sample: { "boulder-requester": "12345", "cache-control": "max-age=0, no-cache, no-store", "connection": "close", "content-length": "904", "content-type": "application/json", "cookies": {}, "cookies_string": "", "date": "Wed, 07 Nov 2018 12:34:56 GMT", "expires": "Wed, 07 Nov 2018 12:44:56 GMT", "link": ';rel="terms-of-service"', "msg": "OK (904 bytes)", "pragma": "no-cache", "replay-nonce": "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGH", "server": "nginx", "status": 200, "strict-transport-security": "max-age=604800", "url": "https://acme-v02.api.letsencrypt.org/acme/acct/46161", "x-frame-options": "DENY", } output_text: description: The raw text output. returned: always type: str sample: "{\\n \\\"id\\\": 12345,\\n \\\"key\\\": {\\n \\\"kty\\\": \\\"RSA\\\",\\n ..." output_json: description: The output parsed as JSON. returned: if output can be parsed as JSON type: dict sample: - id: 12345 - key: - kty: RSA - '...' )Úto_bytesÚ to_nativeÚto_text)Ú ACMEClientÚcreate_backendÚcreate_default_argspec)ÚACMEProtocolExceptionÚModuleFailExceptionc óê—td¬«}|jtd¬«tdgd¢d¬«td¬«tdd ¬ «¬ «|jd dd ggd dd dggd dddgd gd dddgd gf¬«|j «}t |d«}t«}d} t ||«}|jd }|jj|d<|dk7rÌ|jd }|jd}|dk(r|j|dd¬«\} } n6|dk(r1d }|j|t|jd«ddd¬«\} } |jt t «¬«« |jt| ««|d<|r| ddk\rt!|| | ¬«‚|j"dd|i|¤Žy#t$rYŒ8wxYw#t$$r} | j&|fi|¤ŽYd} ~ yd} ~ wwxYw)NF)Úrequire_account_keyÚstr)Útype)ÚgetÚpostúdirectory-onlyr)rÚchoicesÚdefaultÚboolT)rr)ÚurlÚmethodÚcontentÚfail_on_acme_errorrrrrÚaccount_key_srcÚaccount_key_content)Ú required_ifÚ directoryrr)Úparse_json_resultÚ fail_on_error)r Úencode_payloadr!)ÚheadersÚ output_textÚ output_jsonÚstatusi)ÚinforÚchanged©)r Úupdate_argspecÚdictÚupdateÚcreate_ansible_moduler r ÚparamsrÚ get_requestÚsend_signed_requestrrÚ from_jsonrÚ Exceptionr Ú exit_jsonr Údo_fail) Ú argument_specÚmoduleÚbackendÚresultr(ÚclientrrrÚdatar'Úes úq/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/crypto/plugins/modules/acme_inspect.pyÚmainr=üsC€Ü*¸uÔE€MØ× Ñ Ü eÔ ÜØÒ AÈ5ô ô˜%Ô Ü V°TÔ:ð !ôð×Ñà u˜u˜gÐ &Ø v  yÐ1Ð 2Ø uÐ0Ð2GÐHÈ$Ð OØ vÐ 1Ð3HÐIÈ4Ð Pð  ðôð× 0Ñ 0Ó 2€FܘV UÓ+€Gä ‹V€FØ€Gð)$ä˜F GÓ,ˆØ—‘˜xÑ(ˆØ$×.Ñ.×8Ñ8ˆˆ{Ñà Ð%Ò %Ø—-‘- Ñ&ˆCØ!'§¡Ð/CÑ!DÐ à˜ŠØ#×/Ñ/ب5Àð0ó‘ ‘dð˜6Ò!ØØ#×7Ñ7ØܘVŸ]™]¨9Ñ5Ó6Ø&+Ø#(Ø"'ð 8ó‘ dð M‰MÜØ Ü )¨$£ôô ð Ø(.×(8Ñ(8¼À»Ó(G}Ñ%ñ" d¨8¡n¸Ò&;Ü+¨F¸ÀtÔLÐLàˆ×ÑÑ3 Ð3¨FÓ3øô ò Ùð ûô ò$؈ ‰ &Ñ#˜F×#ûð$ús=Â#CG Å3F=Æ,G Æ= G ÇG ÇG Ç G Ç G2ÇG-Ç-G2Ú__main__N)Ú __future__rrrrÚ __metaclass__Ú DOCUMENTATIONÚEXAMPLESÚRETURNÚ+ansible.module_utils.common.text.convertersrrrÚCansible_collections.community.crypto.plugins.module_utils.acme.acmer r r ÚEansible_collections.community.crypto.plugins.module_utils.acme.errorsr r r=Ú__name__r)ór<úrIsbð÷AÑ@ð€ ðA€ ðFc €ðJ8 €÷tUÑT÷ñ÷ ò @$ðF ˆzÒÙ…FðrH