HEX

File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/states/__pycache__/acme.cpython-310.pyc
o

�N�g&�@sXdZddlZddlZe�e�Zdd�Z																		d
dd	�ZdS)a8
ACME / Let's Encrypt certificate management state
=================================================

.. versionadded:: 2016.3.0

See also the module documentation

.. code-block:: yaml

    reload-gitlab:
      cmd.run:
        - name: gitlab-ctl hup

    dev.example.com:
      acme.cert:
        - aliases:
          - gitlab.example.com
        - email: acmemaster@example.com
        - webroot: /opt/gitlab/embedded/service/gitlab-rails/public
        - renew: 14
        - fire_event: acme/dev.example.com
        - onchanges_in:
          - cmd: reload-gitlab

�NcCsdtvrdSdS)z/
    Only work when the ACME module agrees
    �	acme.certT)Fzacme module could not be loaded)�__salt__�rr�D/opt/saltstack/salt/lib/python3.10/site-packages/salt/states/acme.py�__virtual__#srF�root�0640cCs~|dur|}|dgid�}d}i}i}td|�sd}ntd||�r,d}td|�}nd	|d
<|d�d|�d
��|r�tdr\d|d
<|d�d|�d|�d��ddd�|d<|Std|fid|�d|�d|�d|�d|�d|�d|�d|�d|�d|	�d|
�d |�d!|
�d"|�d#|�d$|�d%|�d&|��}|d
|d
<|d�|d�|d
r�td|�}tjj�||�|d<|S)'a�
    Obtain/renew a certificate from an ACME CA, probably Let's Encrypt.

    :param name: Common Name of the certificate (DNS name of certificate)
    :param aliases: subjectAltNames (Additional DNS names on certificate)
    :param email: e-mail address for interaction with ACME provider
    :param webroot: True or a full path to webroot. Otherwise use standalone mode
    :param test_cert: Request a certificate from the Happy Hacker Fake CA (mutually exclusive with 'server')
    :param renew: True/'force' to force a renewal, or a window of renewal before expiry in days
    :param keysize: RSA key bits
    :param server: API endpoint to talk to
    :param owner: owner of the private key file
    :param group: group of the private key file
    :param mode: mode of the private key file
    :param certname: Name of the certificate to save
    :param preferred_challenges: A sorted, comma delimited list of the preferred
                                 challenge to use during authorization with the
                                 most preferred challenge listed first.
    :param tls_sni_01_port: Port used during tls-sni-01 challenge. This only affects
                            the port Certbot listens on. A conforming ACME server
                            will still attempt to connect on port 443.
    :param tls_sni_01_address: The address the server listens to during tls-sni-01
                               challenge.
    :param http_01_port: Port used in the http-01 challenge. This only affects
                         the port Certbot listens on. A conforming ACME server
                         will still attempt to connect on port 80.
    :param https_01_address: The address the server listens to during http-01 challenge.
    :param dns_plugin: Name of a DNS plugin to use (currently only 'cloudflare')
    :param dns_plugin_credentials: Path to the credentials file if required by the specified DNS plugin
    NZchangeme)�name�result�comment�changeszacme.hasZobtainzacme.needs_renewal�renewz	acme.infoTr
rzCertificate z" exists and does not need renewal.�testz would have been zed.zcurrent certificateznew certificate)�old�newrr�aliases�email�webroot�certname�	test_cert�keysize�server�owner�group�mode�preferred_challenges�tls_sni_01_port�tls_sni_01_address�http_01_port�http_01_address�
dns_plugin�dns_plugin_credentials)r�appendZ__opts__�salt�utilsZ
dictdifferZ	deep_diff)r	rrrrr
rrrrrrrrrrrr r!�ret�actionZcurrent_certificateZnew_certificate�resrrr�cert,s�4
����������	�
���
��������r()NNNFNNNrrrNNNNNNNN)	�__doc__�loggingZsalt.utils.dictdifferr#�	getLogger�__name__�logrr(rrrr�<module>s0
�