From 0802b092de94030645eab5a4884c01dd0b2b9c5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Max=20H=C3=B6sel?=
Date: Fri, 7 May 2021 13:32:31 +0200
Subject: [PATCH] fix(step_acme_cert): remove community.cryto dep (#59)

This commit removes the dependency on community.crypto (and by extension, the cryptography python package). It turns out that step-cli has all the required functionality built-in, so we use that instead
---
 galaxy.yml | 3 +--
 roles/step_acme_cert/tasks/main.yml | 13 ++++++-------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/galaxy.yml b/galaxy.yml
index e8c58f9e..79a01bf8 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -39,8 +39,7 @@ tags: ["smallstep", "ca", "certificates"]
 # collection label 'namespace.name'. The value is a version range
 # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
 # range specifiers can be set and are separated by ','
-dependencies:
- "community.crypto": ">=1.0,<2.0"
+dependencies: {}

 # The URL of the originating SCM repository
 repository: https://github.com/maxhoesel/ansible-collection-smallstep
diff --git a/roles/step_acme_cert/tasks/main.yml b/roles/step_acme_cert/tasks/main.yml
index 4a82ed20..a34605f2 100644
--- a/roles/step_acme_cert/tasks/main.yml
+++ b/roles/step_acme_cert/tasks/main.yml
@@ -7,15 +7,14 @@
 path: "{{ step_acme_cert_certfile.path }}"
 register: step_acme_cert_current_cert

-- name: Check if certificate is expired
- community.crypto.x509_certificate_info:
- path: "{{ step_acme_cert_certfile.path }}"
- valid_at:
- now: "+0s"
- register: step_acme_cert_certinfo
+- name: Check if certificate is valid
+ changed_when: no
+ command: "step-cli certificate verify {{ step_acme_cert_certfile.path }}"
+ ignore_errors: true
+ register: _step_acme_cert_validity
 when: step_acme_cert_current_cert.stat.exists

 - include: get_cert.yml
- when: not step_acme_cert_current_cert.stat.exists or not step_acme_cert_certinfo.valid_at.now
+ when: 'not step_acme_cert_current_cert.stat.exists or "failed to verify certificate" in _step_acme_cert_validity.stderr'

 - include: renewal.yml
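Review bot: The new `when:` on the `get_cert.yml` include fails open: with `ignore_errors: true` on the verify task, any step-cli failure whose stderr lacks the literal text "failed to verify certificate" (an unreadable or unparsable file, or different wording in another step-cli version) is treated as a valid certificate, so no replacement is requested. Keying on the exit status is sturdier, for example `failed_when: false` on the task and `when: not step_acme_cert_current_cert.stat.exists or _step_acme_cert_validity.rc != 0` on the include. The free-form `command:` string also splits a certificate path containing spaces into several arguments; passing the arguments as an `argv:` list with the path as its own item avoids that. `step-cli certificate verify` presumably checks the chain as well as the validity period, so it is worth confirming which roots it trusts here, since no `--roots` option is passed and the removed task only tested expiry.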