Merge pull request #1 from justereseau/feat/new_cf_token

Make it work with new application token
2020-08-17 10:35:11 -04:00 · 2020-08-17 10:35:11 -04:00 · 67acb4b317
parent 96d4d2060d f947a48431
commit 67acb4b317
3 changed files with 32 additions and 15 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -13,18 +13,9 @@ env:
    - MOLECULE_DISTRO: debian9
    - MOLECULE_DISTRO: debian10

-before_install:
-  - sudo apt-get update
-  - sudo apt-get upgrade -y
-  - sudo apt-get purge docker-ce -y
-  - sudo apt-get autoremove -y
-  - curl -fsSL https://raw.githubusercontent.com/darkwizard242/devopsubuntu1804/v1.0/packer-build/mods/10-docker.sh | sudo bash -s -- install
-  - sudo usermod -aG docker $USER
-  - curl -fsSL https://raw.githubusercontent.com/darkwizard242/devopsubuntu1804/v1.0/packer-build/mods/10-docker.sh | sudo bash -s -- restart
-
 install:
  # Install test dependencies.
-  - pip install molecule docker testinfra ansible-lint flake8 yamllint
+  - pip install molecule docker==4.2.2 testinfra ansible-lint flake8 yamllint

 before_script:
  # Use actual Ansible Galaxy role name for the project directory.
@ -33,6 +24,7 @@ before_script:
  - cd $ROLE_NAME

 script:
+  - docker --version
  - molecule --version
  - ansible --version
  - molecule test
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -15,6 +15,7 @@ acme_sh_domains:
    debug: false
    reload_command: service nginx restart

-acme_cloudflare_token: xxxx
-acme_cloudflare_account_id: xxxx
-acme_cloudflare_zone_id: xxxx
+# acme_cloudflare_token: xxxx
+# acme_cloudflare_account_id: xxxx
+# acme_cloudflare_zone_id: xxxx
+# acme_cloudflare_email: xxxx
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -39,7 +39,7 @@
    - item.remove | default(false)
  loop: "{{ acme_sh_domains }}"

- name: Issue acme.sh certificate(s)
+- name: Issue acme.sh certificate(s) (old token)
  command: >-
    ./acme.sh --issue -d {{ item.domain }} --dns dns_cf
    {{ "--force" if item.force_issue | default(false) or item.force_renew | default(false) else "" }}
@ -51,7 +51,31 @@
    - "CF_Token": "{{ acme_cloudflare_token }}"
    - "CF_Account_ID": "{{ acme_cloudflare_account_id }}"
    - "CF_Zone_ID": "{{ acme_cloudflare_zone_id }}"
-  when: not item.remove | default(false)
+  when:
+    - not item.remove | default(false)
+    - acme_cloudflare_token is defined
+    - acme_cloudflare_account_id is defined
+    - acme_cloudflare_zone_id is defined
+  loop: "{{ acme_sh_domains }}"
+  register: issue_result
+  changed_when: issue_result.rc == 0 and "Cert success" in issue_result.stdout and not item.force_renew | default(false)
+  failed_when: issue_result.rc != 0 and "Domains not changed" not in issue_result.stdout
+
+- name: Issue acme.sh certificate(s) (token)
+  command: >-
+    ./acme.sh --issue -d {{ item.domain }} --dns dns_cf
+    {{ "--force" if item.force_issue | default(false) or item.force_renew | default(false) else "" }}
+    {{ "--staging" if item.staging | default(false) else "" }}
+    {{ "--debug" if item.debug | default(false) else "" }}
+  args:
+    chdir: "{{ acme_sh_git_clone_dest }}"
+  environment:
+    - "CF_Key": "{{ acme_cloudflare_token }}"
+    - "CF_Email": "{{ acme_cloudflare_email }}"
+  when:
+    - not item.remove | default(false)
+    - acme_cloudflare_token is defined
+    - acme_cloudflare_email is defined
  loop: "{{ acme_sh_domains }}"
  register: issue_result
  changed_when: issue_result.rc == 0 and "Cert success" in issue_result.stdout and not item.force_renew | default(false)