Letsencrypt authz deactivation #36362

Merged: 3 commits, Feb 19, 2018

felixfontein
Contributor

SUMMARY

Adds an option which allows deactivating authz objects after successful or unsuccessful certificate issuance, as explained in #36344. I've changed all direct module.fail_json calls to exceptions so that authz cleanup can be done relatively reliably in a try ... finally construct. Unfortunately, fetch_url() in ansible.module_utils.urls directly calls module.fail_json, hence in these cases no cleanup will be done.

Fix #36344.

ISSUE TYPE

Feature Pull Request

COMPONENT NAME

letsencrypt

ANSIBLE VERSION
2.6.0
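
The try ... finally cleanup described in the summary above, as an added example that is not the module's own code. ModuleFailException, FakeACME, issue() and the deactivate_authzs parameter are hypothetical names, the authz URLs are constructed, and the deactivation payload is the one RFC 8555 section 7.5.2 defines.

```python
class ModuleFailException(Exception):
    """Hypothetical stand-in: raised instead of calling module.fail_json()."""


class FakeACME:
    """Constructed in-memory ACME server mapping authz URL -> status."""

    def __init__(self, authzs, fail_finalize=False, broken=()):
        self.authzs = dict.fromkeys(authzs, "valid")
        self.fail_finalize = fail_finalize
        self.broken = set(broken)  # authz URLs whose deactivation request errors

    def post(self, url, payload):
        if url in self.broken:
            raise ModuleFailException("POST %s failed" % url)
        # RFC 8555 7.5.2: an authz is deactivated by posting this status
        if payload == {"status": "deactivated"}:
            self.authzs[url] = "deactivated"

    def finalize(self):
        if self.fail_finalize:
            raise ModuleFailException("certificate issuance failed")
        return "CERT"


def issue(acme, deactivate_authzs=True):
    """Return (cert, error, warnings); authzs are cleaned up on both paths."""
    cert, error, warnings = None, None, []
    try:
        try:
            cert = acme.finalize()
        finally:
            if deactivate_authzs:
                for url in acme.authzs:
                    try:
                        acme.post(url, {"status": "deactivated"})
                    except ModuleFailException as exc:
                        # Best effort: a failed cleanup request must not stop
                        # the remaining ones or mask the original error.
                        warnings.append(str(exc))
    except ModuleFailException as exc:
        error = str(exc)  # the one place a real module would call fail_json()
    return cert, error, warnings


def still_valid(acme):
    """Authz URLs that could still be reused to issue certificates."""
    return sorted(u for u, s in acme.authzs.items() if s == "valid")
```
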

@ansibot
Contributor

ansibot commented Feb 18, 2018

@ansibot ansibot added community_review In order to be merged, this PR must follow the community review workflow. feature_pull_request module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. owner_pr This PR is made by the module's maintainer. support:community This issue/PR relates to code supported by the Ansible community. labels Feb 18, 2018
@Akasurde Akasurde removed the needs_triage Needs a first human triage before being processed. label Feb 19, 2018
- "Authentication objects are bound to an account key and remain valid
for a certain amount of time, and can be used to issue certificates
without having to re-authenticate the domain. This can be a security
concern. "
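Review bot: "Authentication objects" at the start of this description should read "authorization objects", since the ACME objects the PR title calls authz are authorizations, and the sentence is explaining a security property where the exact term matters. "A certain amount of time" would also be clearer if it said the lifetime is set by the CA, and the trailing space before the closing quote in 'concern. "' should be dropped.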
Contributor

whitespace after .

Contributor Author

Whoops. I'll fix that in the next PR or so :)

@resmo
Contributor

resmo commented Feb 19, 2018

code LGTM.

shipit

@ansibot ansibot added automerge This PR was automatically merged by ansibot. shipit This PR is ready to be merged by Core and removed community_review In order to be merged, this PR must follow the community review workflow. labels Feb 19, 2018
@ansibot ansibot merged commit cd9d554 into ansible:devel Feb 19, 2018
@felixfontein felixfontein deleted the letsencrypt-authz-deactivation branch February 19, 2018 19:08
@felixfontein
Contributor Author

Thanks for reviewing and merging!

@felixfontein
Contributor Author

The whitespace is gone by now.

@dagwieers dagwieers added the crypto Crypto community (ACME, openssl, letsencrypt) label Feb 7, 2019
@ansible ansible locked and limited conversation to collaborators Apr 27, 2019
Successfully merging this pull request may close these issues.

Letsencrypt: allow deactivation of authzs after successful certificate issuing