-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Letsencrypt authz deactivation #36362
Merged
ansibot
merged 3 commits into
ansible:devel
from
felixfontein:letsencrypt-authz-deactivation
Feb 19, 2018
Merged
Letsencrypt authz deactivation #36362
ansibot
merged 3 commits into
ansible:devel
from
felixfontein:letsencrypt-authz-deactivation
Feb 19, 2018
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ansibot
added
community_review
In order to be merged, this PR must follow the community review workflow.
feature_pull_request
module
This issue/PR relates to a module.
needs_triage
Needs a first human triage before being processed.
owner_pr
This PR is made by the module's maintainer.
support:community
This issue/PR relates to code supported by the Ansible community.
labels
Feb 18, 2018
Akasurde
removed
the
needs_triage
Needs a first human triage before being processed.
label
Feb 19, 2018
resmo
reviewed
Feb 19, 2018
- "Authentication objects are bound to an account key and remain valid | ||
for a certain amount of time, and can be used to issue certificates | ||
without having to re-authenticate the domain. This can be a security | ||
concern. " |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
whitespace after .
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whoops. I'll fiix that in the next PR or so :)
code LGTM. shipit |
ansibot
added
automerge
This PR was automatically merged by ansibot.
shipit
This PR is ready to be merged by Core
and removed
community_review
In order to be merged, this PR must follow the community review workflow.
labels
Feb 19, 2018
Thanks for reviewing and merging! |
ansibot
added
feature
This issue/PR relates to a feature request.
and removed
feature_pull_request
labels
Mar 5, 2018
The whitespace is gone by now. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
automerge
This PR was automatically merged by ansibot.
crypto
Crypto community (ACME, openssl, letsencrypt)
feature
This issue/PR relates to a feature request.
module
This issue/PR relates to a module.
owner_pr
This PR is made by the module's maintainer.
shipit
This PR is ready to be merged by Core
support:community
This issue/PR relates to code supported by the Ansible community.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
Adds an option which allows to deactivate authz objects after successful or not successful certificate issuance, as explained in #36344. I've changed all direct
module.fail_json
calls to exceptions so that authz cleanup can be relatively reliably done in atry ... finally
construct. Unfortunately,fetch_url()
inansible.module_utils.urls
directly callsmodule.fail_json
, hence in these cases no cleanup will be done.Fix #36344.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
letsencrypt
ANSIBLE VERSION