acme_certificate: be nicer to non-compliant CAs (#832)

* Be nicer to non-compliant CAs. * Mark as a feature, not a bugfix.
ansible-collections · Dec 30, 2024 · 0d4b16a · 0d4b16a
1 parent db04914
commit 0d4b16a
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/changelogs/fragments/832-acme-challenges.yml b/changelogs/fragments/832-acme-challenges.yml
@@ -0,0 +1,3 @@
+minor_changes:
+  - "acme_certificate - add compatibility for ACME CAs that are not fully RFC8555 compliant and do not provide ``challenges`` in authz objects
+    (https://github.com/ansible-collections/community.crypto/issues/824, https://github.com/ansible-collections/community.crypto/pull/832)."
diff --git a/plugins/module_utils/acme/challenges.py b/plugins/module_utils/acme/challenges.py
@@ -141,7 +141,12 @@ class Authorization(object):
     def _setup(self, client, data):
         data['uri'] = self.url
         self.data = data
-        self.challenges = [Challenge.from_json(client, challenge) for challenge in data['challenges']]
+        # While 'challenges' is a required field, apparently not every CA cares
+        # (https://github.com/ansible-collections/community.crypto/issues/824)
+        if data.get('challenges'):
+            self.challenges = [Challenge.from_json(client, challenge) for challenge in data['challenges']]
+        else:
+            self.challenges = []
         if client.version == 1 and 'status' not in data:
             # https://tools.ietf.org/html/draft-ietf-acme-acme-02#section-6.1.2
             # "status (required, string): ...