a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Directly handle unexpected non-JSON results. (#682)

pull/683/head
Felix Fontein 2023-12-07 22:26:04 +01:00 committed by GitHub
parent 67f1d1129b
commit 5d5a21fddf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
changelogs/fragments/682-acme-errors.yml Normal file
View File

@ -0,0 +1,2 @@
bugfixes:
- "acme_* modules - directly react on bad return data for account creation/retrieval/updating requests (https://github.com/ansible-collections/community.crypto/pull/682)."

14
plugins/module_utils/acme/account.py
View File

@ -9,6 +9,8 @@ from __future__ import absolute_import, division, print_function
__metaclass__ = type __metaclass__ = type
from ansible.module_utils.common._collections_compat import Mapping
from ansible_collections.community.crypto.plugins.module_utils.acme.errors import ( from ansible_collections.community.crypto.plugins.module_utils.acme.errors import (
ACMEProtocolException, ACMEProtocolException,
ModuleFailException, ModuleFailException,
@ -96,6 +98,9 @@ class ACMEAccount(object):
) )
result, info = self.client.send_signed_request(url, new_reg, fail_on_error=False) result, info = self.client.send_signed_request(url, new_reg, fail_on_error=False)
if not isinstance(result, Mapping):
raise ACMEProtocolException(
self.client.module, msg='Invalid account creation reply from ACME server', info=info, content=result)
if info['status'] in ([200, 201] if self.client.version == 1 else [201]): if info['status'] in ([200, 201] if self.client.version == 1 else [201]):
# Account did not exist # Account did not exist
@ -156,6 +161,9 @@ class ACMEAccount(object):
# retry as a regular POST (with no changed data) for pre-draft-15 ACME servers # retry as a regular POST (with no changed data) for pre-draft-15 ACME servers
data = {} data = {}
result, info = self.client.send_signed_request(self.client.account_uri, data, fail_on_error=False) result, info = self.client.send_signed_request(self.client.account_uri, data, fail_on_error=False)
if not isinstance(result, Mapping):
raise ACMEProtocolException(
self.client.module, msg='Invalid account data retrieved from ACME server', info=info, content=result)
if info['status'] in (400, 403) and result.get('type') == 'urn:ietf:params:acme:error:unauthorized': if info['status'] in (400, 403) and result.get('type') == 'urn:ietf:params:acme:error:unauthorized':
# Returned when account is deactivated # Returned when account is deactivated
return None return None
@ -250,5 +258,9 @@ class ACMEAccount(object):
else: else:
if self.client.version == 1: if self.client.version == 1:
update_request['resource'] = 'reg' update_request['resource'] = 'reg'
account_data, dummy = self.client.send_signed_request(self.client.account_uri, update_request) account_data, info = self.client.send_signed_request(self.client.account_uri, update_request)
if not isinstance(account_data, Mapping):
raise ACMEProtocolException(
self.client.module, msg='Invalid account updating reply from ACME server', info=info, content=account_data)
return True, account_data return True, account_data