-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New gpg_keypair module to manage GPG keys. #743
base: main
Are you sure you want to change the base?
New gpg_keypair module to manage GPG keys. #743
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for your contribution! I've added some first comments below.
One thing that should be discussed is idempotence. I.e. what does happen if parameters like key_type
do not match the existing key (if state=present
).
Generally Ansible should ensure the state, i.e. if the existing key has the wrong type, size, key usage, ..., it should be modified to the module's parameters. For objects such as private keys (or disk partitions etc.), destructive operations are generally a bad idea, so it makes sense to make that configurable, but other changes (like key usage) can be made without cycling the private key. For the private key handling modules in this collection, we usually make this behavior configurable (consider for example the regenerate
option of community.crypto.openssl_privatekey
).
Do you already have plans (after all this PR is marked as a draft)?
Co-authored-by: Felix Fontein <[email protected]>
Co-authored-by: Felix Fontein <[email protected]>
Co-authored-by: Felix Fontein <[email protected]>
Co-authored-by: Felix Fontein <[email protected]>
Thanks for the comments! Regeneration as you described, would be great. However there is a problem when matching against specific key types. The This is the output for an ECDSA key using the secp256k1 curve:
This the output for an ECDSA key using the brainpoolP512r1 curve:
This is the output for an ECDSA key with an ECDH subkey, both of which use brainpoolP521r1 curve:
This problem really only applies for when trying to decipher between ECDSA and ECDH keys. RSA, DSA, and ELG keys all include their key_type tags in the output along with the bit length. And EDDSA is output as ed25519 as thats the only curve its compatible with. Now that I think about it, it may be possible to differentiate between ECDSA and ECDH if I factor in the key usage as well. I'll see what I can do in that regard in the next couple of days. |
Co-authored-by: Felix Fontein <[email protected]>
Co-authored-by: Felix Fontein <[email protected]>
Co-authored-by: Felix Fontein <[email protected]>
Co-authored-by: Felix Fontein <[email protected]>
Did you try to look at the |
Just took a look at that now. That should work. From what I see from the output, the OpenPGP algorithm id numbers can be parsed. I can convert those into the corresponding values for the |
Will be working on conditional regeneration over the next couple of days. Should be ready for review once that is fleshed out. |
plugins/modules/gpg_keypair.py
Outdated
import re | ||
|
||
from ansible.module_utils.basic import AnsibleModule | ||
from ansible_collections.community.crypto.plugins.plugin_utils.gnupg.py import PluginGPGRunner |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First, the .py
shouldn't be there, and second, this import does not work for modules, only for non-module plugins. Modules can only import things from module_utils.
For modules you'll need to create a new GPGRunner
impementation (in module_utils/gnupg/
, say a new file module_runner.py
) that uses AnsibleModule.run_command()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Quick question on your PluginGPGRunner code. I notice that its a child class that derives from the abstract bass class of GPGRunner, which you also wrote. What's the reasoning for doing that? Why not just put the functionality PluginGPGRunner in GPGRunner?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PluginGPGRunner
is only acceptable for plugins, not for modules, since it doesn't (and cannot) use AnsibleModule.run_command
.
Co-authored-by: Felix Fontein <[email protected]>
Docs Build 📝Thank you for contribution!✨ The docs for this PR have been published here: You can compare to the docs for the The docsite for this PR is also available for download as an artifact from this run: File changes:
Click to see the diff comparison.NOTE: only file modifications are shown here. New and deleted files are excluded. The diff output was truncated because it exceeded the maximum size. diff --git a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_account_facts_module.html b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_account_facts_module.html
index e2915de..5c9e65b 100644
--- a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_account_facts_module.html
+++ b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_account_facts_module.html
@@ -85,6 +85,8 @@
<li class="toctree-l1"><a class="reference internal" href="acme_account_info_module.html">community.crypto.acme_account_info module – Retrieves information on ACME accounts</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_ari_info_module.html">community.crypto.acme_ari_info module – Retrieves ACME Renewal Information (ARI) for a certificate</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_module.html">community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol</a></li>
+<li class="toctree-l1"><a class="reference internal" href="acme_certificate_deactivate_authz_module.html">community.crypto.acme_certificate_deactivate_authz module – Deactivate all authz for an ACME v2 order</a></li>
+<li class="toctree-l1"><a class="reference internal" href="acme_certificate_renewal_info_module.html">community.crypto.acme_certificate_renewal_info module – Determine whether a certificate should be renewed or not</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_revoke_module.html">community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_challenge_cert_helper_module.html">community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as <code class="docutils literal notranslate"><span class="pre">tls-alpn-01</span></code></a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_inspect_module.html">community.crypto.acme_inspect module – Send direct requests to an ACME server</a></li>
@@ -93,6 +95,7 @@
<li class="toctree-l1"><a class="reference internal" href="ecs_certificate_module.html">community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="ecs_domain_module.html">community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="get_certificate_module.html">community.crypto.get_certificate module – Get a certificate from a host:port</a></li>
+<li class="toctree-l1"><a class="reference internal" href="gpg_keypair_module.html">community.crypto.gpg_keypair module – Generate or delete GPG private and public keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="luks_device_module.html">community.crypto.luks_device module – Manage encrypted (LUKS) devices</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_cert_module.html">community.crypto.openssh_cert module – Generate OpenSSH host or user certificates.</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_keypair_module.html">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a></li>
@@ -161,7 +164,7 @@
<h1>community.crypto.acme_account_facts<a class="headerlink" href="#community-crypto-acme-account-facts" title="Link to this heading"></a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
-<p>This plugin was part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.20.0).</p>
+<p>This plugin was part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.21.0).</p>
</div>
<p>This module has been removed
in version 2.0.0 of community.crypto.
diff --git a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_account_info_module.html b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_account_info_module.html
index 0467309..1c41777 100644
--- a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_account_info_module.html
+++ b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_account_info_module.html
@@ -101,6 +101,8 @@
</li>
<li class="toctree-l1"><a class="reference internal" href="acme_ari_info_module.html">community.crypto.acme_ari_info module – Retrieves ACME Renewal Information (ARI) for a certificate</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_module.html">community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol</a></li>
+<li class="toctree-l1"><a class="reference internal" href="acme_certificate_deactivate_authz_module.html">community.crypto.acme_certificate_deactivate_authz module – Deactivate all authz for an ACME v2 order</a></li>
+<li class="toctree-l1"><a class="reference internal" href="acme_certificate_renewal_info_module.html">community.crypto.acme_certificate_renewal_info module – Determine whether a certificate should be renewed or not</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_revoke_module.html">community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_challenge_cert_helper_module.html">community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as <code class="docutils literal notranslate"><span class="pre">tls-alpn-01</span></code></a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_inspect_module.html">community.crypto.acme_inspect module – Send direct requests to an ACME server</a></li>
@@ -109,6 +111,7 @@
<li class="toctree-l1"><a class="reference internal" href="ecs_certificate_module.html">community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="ecs_domain_module.html">community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="get_certificate_module.html">community.crypto.get_certificate module – Get a certificate from a host:port</a></li>
+<li class="toctree-l1"><a class="reference internal" href="gpg_keypair_module.html">community.crypto.gpg_keypair module – Generate or delete GPG private and public keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="luks_device_module.html">community.crypto.luks_device module – Manage encrypted (LUKS) devices</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_cert_module.html">community.crypto.openssh_cert module – Generate OpenSSH host or user certificates.</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_keypair_module.html">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a></li>
@@ -179,7 +182,7 @@
<h1>community.crypto.acme_account_info module – Retrieves information on ACME accounts<a class="headerlink" href="#community-crypto-acme-account-info-module-retrieves-information-on-acme-accounts" title="Link to this heading"></a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
-<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.20.0).</p>
+<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.21.0).</p>
<p>It is not included in <code class="docutils literal notranslate"><span class="pre">ansible-core</span></code>.
To check whether it is installed, run <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">list</span></code>.</p>
<p>To install it, use: <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">install</span> <span class="pre">community.crypto</span></code>.
diff --git a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_account_module.html b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_account_module.html
index 6f04fb8..4660a40 100644
--- a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_account_module.html
+++ b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_account_module.html
@@ -101,6 +101,8 @@
<li class="toctree-l1"><a class="reference internal" href="acme_account_info_module.html">community.crypto.acme_account_info module – Retrieves information on ACME accounts</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_ari_info_module.html">community.crypto.acme_ari_info module – Retrieves ACME Renewal Information (ARI) for a certificate</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_module.html">community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol</a></li>
+<li class="toctree-l1"><a class="reference internal" href="acme_certificate_deactivate_authz_module.html">community.crypto.acme_certificate_deactivate_authz module – Deactivate all authz for an ACME v2 order</a></li>
+<li class="toctree-l1"><a class="reference internal" href="acme_certificate_renewal_info_module.html">community.crypto.acme_certificate_renewal_info module – Determine whether a certificate should be renewed or not</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_revoke_module.html">community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_challenge_cert_helper_module.html">community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as <code class="docutils literal notranslate"><span class="pre">tls-alpn-01</span></code></a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_inspect_module.html">community.crypto.acme_inspect module – Send direct requests to an ACME server</a></li>
@@ -109,6 +111,7 @@
<li class="toctree-l1"><a class="reference internal" href="ecs_certificate_module.html">community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="ecs_domain_module.html">community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="get_certificate_module.html">community.crypto.get_certificate module – Get a certificate from a host:port</a></li>
+<li class="toctree-l1"><a class="reference internal" href="gpg_keypair_module.html">community.crypto.gpg_keypair module – Generate or delete GPG private and public keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="luks_device_module.html">community.crypto.luks_device module – Manage encrypted (LUKS) devices</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_cert_module.html">community.crypto.openssh_cert module – Generate OpenSSH host or user certificates.</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_keypair_module.html">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a></li>
@@ -179,7 +182,7 @@
<h1>community.crypto.acme_account module – Create, modify or delete ACME accounts<a class="headerlink" href="#community-crypto-acme-account-module-create-modify-or-delete-acme-accounts" title="Link to this heading"></a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
-<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.20.0).</p>
+<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.21.0).</p>
<p>It is not included in <code class="docutils literal notranslate"><span class="pre">ansible-core</span></code>.
To check whether it is installed, run <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">list</span></code>.</p>
<p>To install it, use: <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">install</span> <span class="pre">community.crypto</span></code>.
diff --git a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_ari_info_module.html b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_ari_info_module.html
index f806843..d8978a2 100644
--- a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_ari_info_module.html
+++ b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_ari_info_module.html
@@ -101,6 +101,8 @@
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_module.html">community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol</a></li>
+<li class="toctree-l1"><a class="reference internal" href="acme_certificate_deactivate_authz_module.html">community.crypto.acme_certificate_deactivate_authz module – Deactivate all authz for an ACME v2 order</a></li>
+<li class="toctree-l1"><a class="reference internal" href="acme_certificate_renewal_info_module.html">community.crypto.acme_certificate_renewal_info module – Determine whether a certificate should be renewed or not</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_revoke_module.html">community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_challenge_cert_helper_module.html">community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as <code class="docutils literal notranslate"><span class="pre">tls-alpn-01</span></code></a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_inspect_module.html">community.crypto.acme_inspect module – Send direct requests to an ACME server</a></li>
@@ -109,6 +111,7 @@
<li class="toctree-l1"><a class="reference internal" href="ecs_certificate_module.html">community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="ecs_domain_module.html">community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="get_certificate_module.html">community.crypto.get_certificate module – Get a certificate from a host:port</a></li>
+<li class="toctree-l1"><a class="reference internal" href="gpg_keypair_module.html">community.crypto.gpg_keypair module – Generate or delete GPG private and public keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="luks_device_module.html">community.crypto.luks_device module – Manage encrypted (LUKS) devices</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_cert_module.html">community.crypto.openssh_cert module – Generate OpenSSH host or user certificates.</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_keypair_module.html">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a></li>
@@ -179,7 +182,7 @@
<h1>community.crypto.acme_ari_info module – Retrieves ACME Renewal Information (ARI) for a certificate<a class="headerlink" href="#community-crypto-acme-ari-info-module-retrieves-acme-renewal-information-ari-for-a-certificate" title="Link to this heading"></a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
-<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.20.0).</p>
+<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.21.0).</p>
<p>It is not included in <code class="docutils literal notranslate"><span class="pre">ansible-core</span></code>.
To check whether it is installed, run <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">list</span></code>.</p>
<p>To install it, use: <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">install</span> <span class="pre">community.crypto</span></code>.
diff --git a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_certificate_module.html b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_certificate_module.html
index dc01628..3d30893 100644
--- a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_certificate_module.html
+++ b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_certificate_module.html
@@ -24,7 +24,7 @@
<script src="_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="_static/js/theme.js"></script>
<link rel="search" title="Search" href="search.html" />
- <link rel="next" title="community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol" href="acme_certificate_revoke_module.html" />
+ <link rel="next" title="community.crypto.acme_certificate_deactivate_authz module – Deactivate all authz for an ACME v2 order" href="acme_certificate_deactivate_authz_module.html" />
<link rel="prev" title="community.crypto.acme_ari_info module – Retrieves ACME Renewal Information (ARI) for a certificate" href="acme_ari_info_module.html" /><!-- extra head elements for Ansible beyond RTD Sphinx Theme -->
@@ -101,6 +101,8 @@
</li>
</ul>
</li>
+<li class="toctree-l1"><a class="reference internal" href="acme_certificate_deactivate_authz_module.html">community.crypto.acme_certificate_deactivate_authz module – Deactivate all authz for an ACME v2 order</a></li>
+<li class="toctree-l1"><a class="reference internal" href="acme_certificate_renewal_info_module.html">community.crypto.acme_certificate_renewal_info module – Determine whether a certificate should be renewed or not</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_revoke_module.html">community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_challenge_cert_helper_module.html">community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as <code class="docutils literal notranslate"><span class="pre">tls-alpn-01</span></code></a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_inspect_module.html">community.crypto.acme_inspect module – Send direct requests to an ACME server</a></li>
@@ -109,6 +111,7 @@
<li class="toctree-l1"><a class="reference internal" href="ecs_certificate_module.html">community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="ecs_domain_module.html">community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="get_certificate_module.html">community.crypto.get_certificate module – Get a certificate from a host:port</a></li>
+<li class="toctree-l1"><a class="reference internal" href="gpg_keypair_module.html">community.crypto.gpg_keypair module – Generate or delete GPG private and public keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="luks_device_module.html">community.crypto.luks_device module – Manage encrypted (LUKS) devices</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_cert_module.html">community.crypto.openssh_cert module – Generate OpenSSH host or user certificates.</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_keypair_module.html">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a></li>
@@ -179,7 +182,7 @@
<h1>community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol<a class="headerlink" href="#community-crypto-acme-certificate-module-create-ssl-tls-certificates-with-the-acme-protocol" title="Link to this heading"></a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
-<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.20.0).</p>
+<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.21.0).</p>
<p>It is not included in <code class="docutils literal notranslate"><span class="pre">ansible-core</span></code>.
To check whether it is installed, run <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">list</span></code>.</p>
<p>To install it, use: <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">install</span> <span class="pre">community.crypto</span></code>.
@@ -342,9 +345,9 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<p class="ansible-option-type-line"><span class="ansible-option-type">path</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>File containing the CSR for the new certificate.</p>
-<p>Can be created with <a class="reference internal" href="openssl_csr_module.html#ansible-collections-community-crypto-openssl-csr-module"><span class="std std-ref">community.crypto.openssl_csr</span></a> or <code class="docutils literal notranslate"><span class="pre">openssl</span> <span class="pre">req</span> <span class="pre">...</span></code>.</p>
+<p>Can be created with <a class="reference internal" href="openssl_csr_module.html#ansible-collections-community-crypto-openssl-csr-module"><span class="std std-ref">community.crypto.openssl_csr</span></a>.</p>
<p>The CSR may contain multiple Subject Alternate Names, but each one will lead to an individual challenge that must be fulfilled for the CSR to be signed.</p>
-<p><em>Note</em>: the private key used to create the CSR <em>must not</em> be the account key. This is a bad idea from a security point of view, and the CA should not accept the CSR. The ACME server should return an error in this case.</p>
+<p><strong>Note</strong>: the private key used to create the CSR <strong>must not</strong> be the account key. This is a bad idea from a security point of view, and the CA should not accept the CSR. The ACME server should return an error in this case.</p>
<p>Precisely one of <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-csr"><span class="std std-ref"><span class="pre">csr</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-csr-content"><span class="std std-ref"><span class="pre">csr_content</span></span></a></strong></code> must be specified.</p>
</div></td>
</tr>
@@ -354,9 +357,9 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<p><em class="ansible-option-versionadded">added in community.crypto 1.2.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Content of the CSR for the new certificate.</p>
-<p>Can be created with <a class="reference internal" href="openssl_csr_pipe_module.html#ansible-collections-community-crypto-openssl-csr-pipe-module"><span class="std std-ref">community.crypto.openssl_csr_pipe</span></a> or <code class="docutils literal notranslate"><span class="pre">openssl</span> <span class="pre">req</span> <span class="pre">...</span></code>.</p>
+<p>Can be created with <a class="reference internal" href="openssl_csr_pipe_module.html#ansible-collections-community-crypto-openssl-csr-pipe-module"><span class="std std-ref">community.crypto.openssl_csr_pipe</span></a>.</p>
<p>The CSR may contain multiple Subject Alternate Names, but each one will lead to an individual challenge that must be fulfilled for the CSR to be signed.</p>
-<p><em>Note</em>: the private key used to create the CSR <em>must not</em> be the account key. This is a bad idea from a security point of view, and the CA should not accept the CSR. The ACME server should return an error in this case.</p>
+<p><strong>Note</strong>: the private key used to create the CSR <strong>must not</strong> be the account key. This is a bad idea from a security point of view, and the CA should not accept the CSR. The ACME server should return an error in this case.</p>
<p>Precisely one of <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-csr"><span class="std std-ref"><span class="pre">csr</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-csr-content"><span class="std std-ref"><span class="pre">csr_content</span></span></a></strong></code> must be specified.</p>
</div></td>
</tr>
@@ -426,7 +429,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<p><code class="ansible-value docutils literal notranslate"><span class="pre">never</span></code> never sends the certificate ID of the certificate to renew. <code class="ansible-value docutils literal notranslate"><span class="pre">always</span></code> will always send it.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">when_ari_supported</span></code> only sends the certificate ID if the ARI endpoint is found in the ACME directory.</p>
<p>Generally you should use <code class="ansible-value docutils literal notranslate"><span class="pre">when_ari_supported</span></code> if you know that the ACME service supports a compatible draft (or final version, once it is out) of the ARI extension. <code class="ansible-value docutils literal notranslate"><span class="pre">always</span></code> should never be necessary. If you are not sure, or if you receive strange errors on invalid <code class="docutils literal notranslate"><span class="pre">replaces</span></code> values in order objects, use <code class="ansible-value docutils literal notranslate"><span class="pre">never</span></code>, which also happens to be the default.</p>
-<p>ACME servers might refuse to create new orders with <code class="docutils literal notranslate"><span class="pre">replaces</span></code> for certificates that already have an existing order. This can happen if this module is used to create an order, and then the playbook/role fails in case the challenges cannot be set up. If the playbook/role does not record the order data to continue with the existing order, but tries to create a new one on the next run, creating the new order might fail. For this reason, this option should only be set to a value different from <code class="ansible-value docutils literal notranslate"><span class="pre">never</span></code> if the role/playbook using it keeps track of order data accross restarts.</p>
+<p>ACME servers might refuse to create new orders with <code class="docutils literal notranslate"><span class="pre">replaces</span></code> for certificates that already have an existing order. This can happen if this module is used to create an order, and then the playbook/role fails in case the challenges cannot be set up. If the playbook/role does not record the order data to continue with the existing order, but tries to create a new one on the next run, creating the new order might fail. For this reason, this option should only be set to a value different from <code class="ansible-value docutils literal notranslate"><span class="pre">never</span></code> if the role/playbook using it keeps track of order data accross restarts, or if it takes care to deactivate orders whose processing is aborted. Orders can be deactivated with the <a class="reference internal" href="acme_certificate_deactivate_authz_module.html#ansible-collections-community-crypto-acme-certificate-deactivate-authz-module"><span class="std std-ref">community.crypto.acme_certificate_deactivate_authz</span></a> module.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
<li><p><code class="ansible-option-default-bold docutils literal notranslate"><strong><span class="pre">"never"</span></strong></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
@@ -658,7 +661,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
</dd>
<dt><a class="reference external" href="https://tools.ietf.org/html/rfc8555">Automatic Certificate Management Environment (ACME)</a></dt><dd><p>The specification of the ACME protocol (RFC 8555).</p>
</dd>
-<dt><a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8737.html-05">ACME TLS ALPN Challenge Extension</a></dt><dd><p>The specification of the <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenge (RFC 8737).</p>
+<dt><a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8737.html">ACME TLS ALPN Challenge Extension</a></dt><dd><p>The specification of the <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenge (RFC 8737).</p>
</dd>
<dt><a class="reference internal" href="acme_challenge_cert_helper_module.html#ansible-collections-community-crypto-acme-challenge-cert-helper-module"><span class="std std-ref">community.crypto.acme_challenge_cert_helper</span></a></dt><dd><p>Helps preparing <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges.</p>
</dd>
@@ -678,6 +681,8 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
</dd>
<dt><a class="reference internal" href="acme_inspect_module.html#ansible-collections-community-crypto-acme-inspect-module"><span class="std std-ref">community.crypto.acme_inspect</span></a></dt><dd><p>Allows to debug problems.</p>
</dd>
+<dt><a class="reference internal" href="acme_certificate_deactivate_authz_module.html#ansible-collections-community-crypto-acme-certificate-deactivate-authz-module"><span class="std std-ref">community.crypto.acme_certificate_deactivate_authz</span></a></dt><dd><p>Allows to deactivate (invalidate) ACME v2 orders.</p>
+</dd>
</dl>
</div>
</section>
@@ -763,7 +768,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="c1"># state: present</span>
<span class="c1"># wait: true</span>
<span class="c1"># # Note: route53 requires TXT entries to be enclosed in quotes</span>
-<span class="c1"># value: "</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data</span><span class="o">[</span><span class="s1">'sample.com'</span><span class="o">][</span><span class="s1">'dns-01'</span><span class="o">]</span><span class="nv">.resource_value</span> <span class="o">|</span> <span class="nf">regex_replace</span><span class="o">(</span><span class="s1">'^(.*)$'</span><span class="o">,</span> <span class="s1">'\"\\1\"'</span><span class="o">)</span> <span class="cp">}}</span><span class="c1">"</span>
+<span class="c1"># value: "</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data</span><span class="o">[</span><span class="s1">'sample.com'</span><span class="o">][</span><span class="s1">'dns-01'</span><span class="o">]</span><span class="nv">.resource_value</span> <span class="o">|</span> <span class="nf">community</span><span class="nv">.dns.quote_txt</span><span class="o">(</span><span class="nv">always_quote</span><span class="o">=</span><span class="kp">true</span><span class="o">)</span> <span class="cp">}}</span><span class="c1">"</span>
<span class="c1"># when: sample_com_challenge is changed and 'sample.com' in sample_com_challenge.challenge_data</span>
<span class="c1">#</span>
<span class="c1"># Alternative way:</span>
@@ -778,7 +783,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<span class="c1"># wait: true</span>
<span class="c1"># # Note: item.value is a list of TXT entries, and route53</span>
<span class="c1"># # requires every entry to be enclosed in quotes</span>
-<span class="c1"># value: "</span><span class="cp">{{</span> <span class="nv">item.value</span> <span class="o">|</span> <span class="nf">map</span><span class="o">(</span><span class="s1">'regex_replace'</span><span class="o">,</span> <span class="s1">'^(.*)$'</span><span class="o">,</span> <span class="s1">'\"\\1\"'</span> <span class="o">)</span> <span class="o">|</span> <span class="nf">list</span> <span class="cp">}}</span><span class="c1">"</span>
+<span class="c1"># value: "</span><span class="cp">{{</span> <span class="nv">item.value</span> <span class="o">|</span> <span class="nf">map</span><span class="o">(</span><span class="s1">'community.dns.quote_txt'</span><span class="o">,</span> <span class="nv">always_quote</span><span class="o">=</span><span class="kp">true</span><span class="o">)</span> <span class="o">|</span> <span class="nf">list</span> <span class="cp">}}</span><span class="c1">"</span>
<span class="c1"># loop: "</span><span class="cp">{{</span> <span class="nv">sample_com_challenge.challenge_data_dns</span> <span class="o">|</span> <span class="nf">dict2items</span> <span class="cp">}}</span><span class="c1">"</span>
<span class="c1"># when: sample_com_challenge is changed</span>
@@ -896,7 +901,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="return-challenge_data"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data"><strong>challenge_data</strong></p>
-<a class="ansibleOptionLink" href="#return-challenge_data" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">list</span> / <span class="ansible-option-elements">elements=dictionary</span></p>
+<a class="ansibleOptionLink" href="#return-challenge_data" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Per identifier / challenge type challenge data.</p>
<p>Since Ansible 2.8.5, only challenges which are not yet valid are returned.</p>
@@ -904,37 +909,57 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
-<div class="ansibleOptionAnchor" id="return-challenge_data/record"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-record"><strong>record</strong></p>
-<a class="ansibleOptionLink" href="#return-challenge_data/record" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<div class="ansibleOptionAnchor" id="return-challenge_data/identifier"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-identifier"><strong>identifier</strong></p>
+<a class="ansibleOptionLink" href="#return-challenge_data/identifier" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
</div></td>
-<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The full DNS record’s name for the challenge.</p>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>For every identifier, provides a dictionary of challenge types mapping to challenge data.</p>
+<p>The keys in this dictionary are the identifiers. <code class="docutils literal notranslate"><span class="pre">identifier</span></code> is a placeholder used in the documentation.</p>
+<p>Note that the keys are not valid Jinja2 identifiers.</p>
+<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed</p>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="return-challenge_data/identifier/challenge-type"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-identifier-challenge-type"><strong>challenge-type</strong></p>
+<a class="ansibleOptionLink" href="#return-challenge_data/identifier/challenge-type" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">dictionary</span></p>
+</div></td>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>Data for every challenge type.</p>
+<p>The keys in this dictionary are the challenge types. <code class="docutils literal notranslate"><span class="pre">challenge-type</span></code> is a placeholder used in the documentation. Possible keys are <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code>, <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code>, and <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code>.</p>
+<p>Note that the keys are not valid Jinja2 identifiers.</p>
+<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed</p>
+</div></td>
+</tr>
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="return-challenge_data/identifier/challenge-type/record"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-identifier-challenge-type-record"><strong>record</strong></p>
+<a class="ansibleOptionLink" href="#return-challenge_data/identifier/challenge-type/record" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+</div></td>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The full DNS record’s name for the challenge.</p>
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed and challenge is <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code></p>
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"_acme-challenge.example.com"</span></code></p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
-<div class="ansibleOptionAnchor" id="return-challenge_data/resource"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-resource"><strong>resource</strong></p>
-<a class="ansibleOptionLink" href="#return-challenge_data/resource" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="return-challenge_data/identifier/challenge-type/resource"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-identifier-challenge-type-resource"><strong>resource</strong></p>
+<a class="ansibleOptionLink" href="#return-challenge_data/identifier/challenge-type/resource" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
-<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The challenge resource that must be created for validation.</p>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The challenge resource that must be created for validation.</p>
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed</p>
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">".well-known/acme-challenge/evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"</span></code></p>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
-<div class="ansibleOptionAnchor" id="return-challenge_data/resource_original"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-resource-original"><strong>resource_original</strong></p>
-<a class="ansibleOptionLink" href="#return-challenge_data/resource_original" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="return-challenge_data/identifier/challenge-type/resource_original"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-identifier-challenge-type-resource-original"><strong>resource_original</strong></p>
+<a class="ansibleOptionLink" href="#return-challenge_data/identifier/challenge-type/resource_original" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
-<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The original challenge resource including type identifier for <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges.</p>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The original challenge resource including type identifier for <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges.</p>
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed and <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-acme-certificate-module-parameter-challenge"><span class="std std-ref"><span class="pre">challenge</span></span></a></strong></code> is <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code></p>
<p class="ansible-option-line ansible-option-sample"><strong class="ansible-option-sample-bold">Sample:</strong> <code class="ansible-option-sample docutils literal notranslate"><span class="pre">"DNS:example.com"</span></code></p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
-<div class="ansibleOptionAnchor" id="return-challenge_data/resource_value"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-resource-value"><strong>resource_value</strong></p>
-<a class="ansibleOptionLink" href="#return-challenge_data/resource_value" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<tr class="row-odd"><td><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="return-challenge_data/identifier/challenge-type/resource_value"></div><p class="ansible-option-title" id="ansible-collections-community-crypto-acme-certificate-module-return-challenge-data-identifier-challenge-type-resource-value"><strong>resource_value</strong></p>
+<a class="ansibleOptionLink" href="#return-challenge_data/identifier/challenge-type/resource_value" title="Permalink to this return value"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
-<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The value the resource has to produce for the validation.</p>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>The value the resource has to produce for the validation.</p>
<p>For <code class="ansible-value docutils literal notranslate"><span class="pre">http-01</span></code> and <code class="ansible-value docutils literal notranslate"><span class="pre">dns-01</span></code> challenges, the value can be used as-is.</p>
<p>For <code class="ansible-value docutils literal notranslate"><span class="pre">tls-alpn-01</span></code> challenges, note that this return value contains a Base64 encoded version of the correct binary blob which has to be put into the acmeValidation x509 extension; see <a class="reference external" href="https://www.rfc-editor.org/rfc/rfc8737.html#section-3">https://www.rfc-editor.org/rfc/rfc8737.html#section-3</a> for details. To do this, you might need the <a class="reference external" href="https://docs.ansible.com/ansible/devel/collections/ansible/builtin/b64decode_filter.html#ansible-collections-ansible-builtin-b64decode-filter" title="(in Ansible vdevel)"><span class="xref std std-ref">ansible.builtin.b64decode</span></a> Jinja filter to extract the binary blob from this return value.</p>
<p class="ansible-option-line"><strong class="ansible-option-returned-bold">Returned:</strong> changed</p>
@@ -994,7 +1019,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="acme_ari_info_module.html" class="btn btn-neutral float-left" title="community.crypto.acme_ari_info module – Retrieves ACME Renewal Information (ARI) for a certificate" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
- <a href="acme_certificate_revoke_module.html" class="btn btn-neutral float-right" title="community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
+ <a href="acme_certificate_deactivate_authz_module.html" class="btn btn-neutral float-right" title="community.crypto.acme_certificate_deactivate_authz module – Deactivate all authz for an ACME v2 order" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>
diff --git a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_certificate_revoke_module.html b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_certificate_revoke_module.html
index 49eb6cb..1a4a87b 100644
--- a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_certificate_revoke_module.html
+++ b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_certificate_revoke_module.html
@@ -25,7 +25,7 @@
<script src="_static/js/theme.js"></script>
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as tls-alpn-01" href="acme_challenge_cert_helper_module.html" />
- <link rel="prev" title="community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol" href="acme_certificate_module.html" /><!-- extra head elements for Ansible beyond RTD Sphinx Theme -->
+ <link rel="prev" title="community.crypto.acme_certificate_renewal_info module – Determine whether a certificate should be renewed or not" href="acme_certificate_renewal_info_module.html" /><!-- extra head elements for Ansible beyond RTD Sphinx Theme -->
@@ -87,6 +87,8 @@
<li class="toctree-l1"><a class="reference internal" href="acme_account_info_module.html">community.crypto.acme_account_info module – Retrieves information on ACME accounts</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_ari_info_module.html">community.crypto.acme_ari_info module – Retrieves ACME Renewal Information (ARI) for a certificate</a></li>
<li class="toctree-l1"><a class="reference internal" href="acme_certificate_module.html">community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol</a></li>
+<li class="toctree-l1"><a class="reference internal" href="acme_certificate_deactivate_authz_module.html">community.crypto.acme_certificate_deactivate_authz module – Deactivate all authz for an ACME v2 order</a></li>
+<li class="toctree-l1"><a class="reference internal" href="acme_certificate_renewal_info_module.html">community.crypto.acme_certificate_renewal_info module – Determine whether a certificate should be renewed or not</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#synopsis">Synopsis</a></li>
<li class="toctree-l2"><a class="reference internal" href="#requirements">Requirements</a></li>
@@ -108,6 +110,7 @@
<li class="toctree-l1"><a class="reference internal" href="ecs_certificate_module.html">community.crypto.ecs_certificate module – Request SSL/TLS certificates with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="ecs_domain_module.html">community.crypto.ecs_domain module – Request validation of a domain with the Entrust Certificate Services (ECS) API</a></li>
<li class="toctree-l1"><a class="reference internal" href="get_certificate_module.html">community.crypto.get_certificate module – Get a certificate from a host:port</a></li>
+<li class="toctree-l1"><a class="reference internal" href="gpg_keypair_module.html">community.crypto.gpg_keypair module – Generate or delete GPG private and public keys</a></li>
<li class="toctree-l1"><a class="reference internal" href="luks_device_module.html">community.crypto.luks_device module – Manage encrypted (LUKS) devices</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_cert_module.html">community.crypto.openssh_cert module – Generate OpenSSH host or user certificates.</a></li>
<li class="toctree-l1"><a class="reference internal" href="openssh_keypair_module.html">community.crypto.openssh_keypair module – Generate OpenSSH private and public keys</a></li>
@@ -178,7 +181,7 @@
<h1>community.crypto.acme_certificate_revoke module – Revoke certificates with the ACME protocol<a class="headerlink" href="#community-crypto-acme-certificate-revoke-module-revoke-certificates-with-the-acme-protocol" title="Link to this heading"></a></h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
-<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.20.0).</p>
+<p>This module is part of the <a class="reference external" href="https://galaxy.ansible.com/ui/repo/published/community/crypto/">community.crypto collection</a> (version 2.21.0).</p>
<p>It is not included in <code class="docutils literal notranslate"><span class="pre">ansible-core</span></code>.
To check whether it is installed, run <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">list</span></code>.</p>
<p>To install it, use: <code class="code docutils literal notranslate"><span class="pre">ansible-galaxy</span> <span class="pre">collection</span> <span class="pre">install</span> <span class="pre">community.crypto</span></code>.
@@ -472,7 +475,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-ac
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
- <a href="acme_certificate_module.html" class="btn btn-neutral float-left" title="community.crypto.acme_certificate module – Create SSL/TLS certificates with the ACME protocol" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
+ <a href="acme_certificate_renewal_info_module.html" class="btn btn-neutral float-left" title="community.crypto.acme_certificate_renewal_info module – Determine whether a certificate should be renewed or not" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="acme_challenge_cert_helper_module.html" class="btn btn-neutral float-right" title="community.crypto.acme_challenge_cert_helper module – Prepare certificates required for ACME challenges such as tls-alpn-01" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
diff --git a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_challenge_cert_helper_module.html b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_challenge_cert_helper_module.html
index d462cec..52fc71f 100644
--- a/home/runner/work/community.crypto/community.crypto/docsbuild/base/acme_challenge_cert_helper_module.html
+++ b/home/runner/work/community.crypto/community.crypto/docsbuild/head/acme_challenge_cert_helper_module.html
@@ -87,6 +87,8 @@
<li class="toctree-l1"><a class="reference internal" href="acme_account_info_module.html">community.crypto.acme_account_info module – Retrieves inform...*[Comment body truncated]* |
…ps that omit seconds (ansible-collections#745) * Add time module utils. * Add time helpers to ACME backend. * Add changelog fragment. * ACME timestamp parser: do not choke on nanoseconds.
* Allow to provide cert_info object to get_renewal_info(). * Add acme_certificate_renewal_info module. * Allow to provide value for 'now'. * Actually append msg_append. * Fix bug in module timestamp param parsing, and add tests.
…ate_renewal_info return value (ansible-collections#747) * Use community.dns.quote_txt filter instead of regex replace to quote TXT entry value. * Fix documentation of acme_certificate's challenge_data return value. * Also return cert_id from acme_certificate_renewal_info module. * The cert ID cannot be computed if the certificate has no AKI. This happens with older Pebble versions, which are used when testing against older ansible-core/-base/Ansible versions. * Fix AKI extraction for older OpenSSL versions.
…le-collections#748) Shouldn't happen since CA-issued certs should always have AKI, but better be safe than sorry.
…le-collections#749) * Refactor argument spec helper. * Remove superfluous comments.
…/csr_content to own docs fragment (ansible-collections#750) * Fix bug in argspec module util. * Move csr / csr_content to new docs fragment. * Simplify code. * Refactor ACME argspec creation. Add with_certificate argument for new CERTIFICATE docs fragment.
…tions#740) * renew request CSR validation * Create 740-ecs_certificate-renewal-without-csr * Rename 740-ecs_certificate-renewal-without-csr to 740-ecs_certificate-renewal-without-csr.yml --------- Co-authored-by: flovecchio <[email protected]>
* Fix time idempotence. * Lint and add changelog fragment. * Add tests. * Make sure 'ignore_timestamps: false' is passed for time idempotence tests; pass right private key for OwnCA tests
Revert "Fix documentation. (ansible-collections#751)" Revert "ACME modules: simplify code, refactor argspec handling code, move csr/csr_content to own docs fragment (ansible-collections#750)" Revert "Refactor and extend argument spec helper, use for ACME modules (ansible-collections#749)" Revert "Avoid exception if certificate has no AKI in acme_certificate. (ansible-collections#748)" Revert "ACME: improve acme_certificate docs, include cert_id in acme_certificate_renewal_info return value (ansible-collections#747)" Revert "Add acme_certificate_renewal_info module (ansible-collections#746)" Revert "Refactor time code, add tests, fix bug when parsing absolute timestamps that omit seconds (ansible-collections#745)" Revert "Add tests for acme_certificate_deactivate_authz module. (ansible-collections#744)" Revert "Create acme_certificate_deactivate_authz module (ansible-collections#741)" Revert "acme_certificate: allow to request renewal of a certificate according to ARI (ansible-collections#739)" Revert "Implement basic acme_ari_info module. (ansible-collections#732)" Revert "Add function for retrieval of ARI information. (ansible-collections#738)" Revert "acme module utils: add functions for parsing Retry-After header values and computation of ARI certificate IDs (ansible-collections#737)" Revert "Implement certificate information retrieval code in the ACME backends. (ansible-collections#736)" Revert "Split up the default acme docs fragment to allow modules ot not need account data. (ansible-collections#735)" This reverts commits 5e59c52, aa82575, f3c9cb7, f82b335, 553ab45, 59606d4, 0a15be1, 9501a28, d906914, 33d278a, 6d4fc58, 9614b09, af5f4b5, c6fbe58, and afe7f75.
This reverts commit 82251c2.
SUMMARY
New gpg_keypair module to manage GPG keys.
Fixes #238
ISSUE TYPE
COMPONENT NAME
gpg_keypair
ADDITIONAL INFORMATION
Unattended GPG key generation
Example usage: