authorChristian Pointner <equinox@spreadspace.org>2023-09-14 20:42:18 +0200
committerChristian Pointner <equinox@spreadspace.org>2023-09-14 20:42:18 +0200
commit84cf53cd8b10fd558831e620dd39ac75f452d9e8 (patch)
tree73b35679a6559a285052059d4cd3a302530be7f8 /roles
parentx509/(selfsinged|ownca): add renew handling (diff)
uacme: make eab config more generic and ensure the right base64 encoding is used
Diffstat (limited to 'roles')
-rw-r--r--roles/x509/uacme/base/defaults/main.yml4
-rw-r--r--roles/x509/uacme/base/filter_plugins/uacme.py26
-rw-r--r--roles/x509/uacme/base/tasks/main.yml2
3 files changed, 30 insertions, 2 deletions
diff --git a/roles/x509/uacme/base/defaults/main.yml b/roles/x509/uacme/base/defaults/main.yml
index 264bc2d9..7164da62 100644
--- a/roles/x509/uacme/base/defaults/main.yml
+++ b/roles/x509/uacme/base/defaults/main.yml
@@ -5,4 +5,6 @@ uacme_directory_server: "{{ acme_directory_server }}"
### this defaults to '/var/run/acme/acme-challenge'
# uacme_challenge_webroot_path: "/path/to/acme-challenge"
-# uacme_eab: <keyid>:base64(<key>)
+uacme_eab: "{{ acme_eab }}"
+# keyid: "<keyid>"
+# key: "<key>"
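Review bot: With `uacme_eab: "{{ acme_eab }}"` now always present in defaults, the `uacme_eab is defined` guard in tasks/main.yml only keeps working because Ansible's `defined` test treats a variable whose template refers to an undefined `acme_eab` as undefined itself; that is intended behaviour but easy to break by later giving `acme_eab` a default. A one-line comment above the setting, `# leave acme_eab undefined to run without external account binding`, would make the dependency explicit. The commented `keyid`/`key` lines should also state the expected shape of `acme_eab` (a mapping with those two keys), since the filter that consumes it indexes both.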
diff --git a/roles/x509/uacme/base/filter_plugins/uacme.py b/roles/x509/uacme/base/filter_plugins/uacme.py
new file mode 100644
index 00000000..07a87db5
--- /dev/null
+++ b/roles/x509/uacme/base/filter_plugins/uacme.py
@@ -0,0 +1,26 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from functools import partial
+from base64 import urlsafe_b64encode
+
+from ansible import errors
+from ansible.module_utils.common.text import formatters
+from ansible.module_utils._text import to_bytes, to_text
+
+
+def uacme_eab_param(eab):
+ try:
+ return "%s:%s" % (eab['keyid'], to_text(urlsafe_b64encode(to_bytes(eab['key'], errors='surrogate_or_strict'))).strip("="))
+ except Exception as e:
+ raise errors.AnsibleFilterError("uacme_eab_param(): %s" % str(e))
+
+
+class FilterModule(object):
+
+ filter_map = {
+ 'uacme_eab_param': uacme_eab_param,
+ }
+
+ def filters(self):
+ return self.filter_map
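Review bot: `uacme_eab_param` folds every failure into one opaque message, so a missing `keyid` or `key` surfaces as `uacme_eab_param(): 'key'` with no hint that the EAB mapping is malformed; an explicit check before the encoding gives a readable error, e.g. `if not isinstance(eab, dict) or 'keyid' not in eab or 'key' not in eab:` followed by `raise errors.AnsibleFilterError("uacme_eab_param(): eab must be a mapping with 'keyid' and 'key'")`. The `.strip("=")` on the encoded value strips both ends, while base64 padding only ever occurs at the end, so `.rstrip("=")` states the intent precisely. The function also needs a docstring saying whether `key` is expected to be the raw HMAC secret or the base64url string as issued by the CA, because the filter re-encodes whatever it is given and a pre-encoded key would be double-encoded.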
diff --git a/roles/x509/uacme/base/tasks/main.yml b/roles/x509/uacme/base/tasks/main.yml
index ff7c880d..f52c3cf0 100644
--- a/roles/x509/uacme/base/tasks/main.yml
+++ b/roles/x509/uacme/base/tasks/main.yml
@@ -7,7 +7,7 @@
state: present
- name: create acme account key
- command: "uacme -c /var/lib/uacme.d -a '{{ uacme_directory_server }}' -y{% if uacme_eab is defined %} -e {{ uacme_eab }}{% endif %} new '{{ uacme_account_email }}'"
+ command: "uacme -c /var/lib/uacme.d -a '{{ uacme_directory_server }}' -y{% if uacme_eab is defined %} -e '{{ uacme_eab | uacme_eab_param }}'{% endif %} new '{{ uacme_account_email }}'"
args:
creates: /var/lib/uacme.d/private/key.pem
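Review bot: The rendered command on line 69 now carries the EAB HMAC key in clear, so it appears in verbose play output and in any registered or logged result of this task; unless the task already sets it below the hunk (the task continues past line 71), `no_log: true` belongs next to `args:`. The single quotes around `{{ uacme_eab | uacme_eab_param }}` guard against whitespace in the value but not against a `'` inside `keyid`, which the filter does not reject, so either the filter or this task should validate that the key id contains no quote or colon characters. The enclosing task definition starts before the hunk.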