From 2d8eda48851d82612d4448efeb9e0225fd1a57eb Mon Sep 17 00:00:00 2001 From: wate Date: Sun, 15 Sep 2024 20:48:08 +0900 Subject: [PATCH] =?UTF-8?q?=E5=A4=89=E6=95=B0=E3=82=92=E6=95=B4=E7=90=86?= =?UTF-8?q?=E3=81=97=E5=9E=8B=E3=82=92=E5=A4=89=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- defaults/main.yml | 13 ++--- molecule/default/group_vars/all.yml | 8 +++ molecule/default/verify.yml | 89 ++++++++++++++++++++++++----- tasks/main.yml | 8 +-- templates/domains.txt.j2 | 8 ++- templates/local.sh.j2 | 2 +- vars/main.yml | 5 -- 7 files changed, 100 insertions(+), 33 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 4e61c99..c65392c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -22,13 +22,12 @@ dehydrated_lexicon_packages: ## ----------------- ## dehydratedで管理するドメインの設定 ## ----------------- -dehydrated_domains: [] -# - name: example.com -# domains: -# - example.com -# - *.example.com -# - name: example.net -# domains: example.net +dehydrated_domains: {} + # example.com: + # example.net: example.net + # example.org: + # - example.org + # - *.example.org ## ----------------- ## dehydratedインストール時に実行するか否か diff --git a/molecule/default/group_vars/all.yml b/molecule/default/group_vars/all.yml index 86a5fc7..b58d6aa 100644 --- a/molecule/default/group_vars/all.yml +++ b/molecule/default/group_vars/all.yml @@ -2,4 +2,12 @@ dehydrated_cfg: CA: https://acme-staging-v02.api.letsencrypt.org/directory CHALLENGETYPE: dns-01 + dehydrated_with_lexicon: true + +dehydrated_domains: + example.com: + example.net: example.net + star.service.example.org: + - service.example.org + - "*.service.example.org" diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 99762fe..a684011 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml 
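Review bot: The commented sample for `dehydrated_domains` in defaults/main.yml lists `*.example.org` unquoted; a leading `*` is YAML alias syntax, so anyone who uncomments the sample gets a parse error instead of a wildcard entry. The molecule group_vars in this same patch already quote their wildcard, so the sample line should read `#   - "*.example.org"`. Because the variable changes from a list to a mapping, the comment block is also the place to say that the key is what the template writes after `>` in domains.txt and that the value may be empty, a string or a list of names.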
@@ -2,19 +2,80 @@ - name: Verify hosts: all gather_facts: true - check_mode: true + become: true tasks: - - name: test dehydrated package - ansible.builtin.apt: - name: dehydrated - register: result - - name: assert package + - name: Gather package facts + ansible.builtin.package_facts: + manager: auto + - name: Assert package ansible.builtin.assert: - that: result is not changed - - name: test lexicon package - ansible.builtin.apt: - name: lexicon - register: result - - name: assert package - ansible.builtin.assert: - that: result is not changed + that: + - ansible_facts.packages['dehydrated'] + - ansible_facts.packages['lexicon'] + - name: Test domains.txt + block: + - name: Get local.sh CA content + ansible.builtin.command: + cmd: grep "CA=" /etc/dehydrated/conf.d/local.sh + changed_when: false + failed_when: local_sh_content.rc > 1 + register: local_sh_content + - name: Test local.sh + block: + - name: Assert + ansible.builtin.assert: + that: + - local_sh_content.rc == 0 + - local_sh_content.stdout == 'CA="https://acme-staging-v02.api.letsencrypt.org/directory"' + - name: Get local.sh CHALLENGETYPE content + ansible.builtin.command: + cmd: grep "CHALLENGETYPE=" /etc/dehydrated/conf.d/local.sh + changed_when: false + failed_when: local_sh_content.rc > 1 + register: local_sh_content + - name: Assert local.sh + ansible.builtin.assert: + that: + - local_sh_content.rc == 0 + - local_sh_content.stdout == 'CHALLENGETYPE="dns-01"' + - name: Test domains.txt + block: + - name: Test value is none + block: + - name: Get domains.txt content(value is none) + ansible.builtin.command: + cmd: grep "example.com" /etc/dehydrated/domains.txt + failed_when: domains_txt_content.rc > 1 + changed_when: false + register: domains_txt_content + - name: Assert domains.txt + ansible.builtin.assert: + that: + - domains_txt_content.rc == 0 + - domains_txt_content.stdout == 'example.com' + - name: Test value is string + block: + - name: Get domains.txt content(value is string) + 
ansible.builtin.command: + cmd: grep "example.net" /etc/dehydrated/domains.txt + failed_when: domains_txt_content.rc > 1 + changed_when: false + register: domains_txt_content + - name: Assert domains.txt + ansible.builtin.assert: + that: + - domains_txt_content.rc == 0 + - domains_txt_content.stdout == 'example.net > example.net' + - name: Test value is list + block: + - name: Get domains.txt content(value is list) + ansible.builtin.command: + cmd: grep "star.service.example.org" /etc/dehydrated/domains.txt + failed_when: domains_txt_content.rc > 1 + changed_when: false + register: domains_txt_content + - name: Assert domains.txt + ansible.builtin.assert: + that: + - domains_txt_content.rc == 0 + - domains_txt_content.stdout == 'service.example.org *.service.example.org > star.service.example.org' diff --git a/tasks/main.yml b/tasks/main.yml index fc226e4..ee923b0 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -11,22 +11,22 @@ - name: Create addtitional config file ansible.builtin.template: src: local.sh.j2 - dest: "{{ dehydrated_config_dir }}/local.sh" + dest: /etc/dehydrated/conf.d/local.sh mode: "0644" - name: Create domain file ansible.builtin.template: src: domains.txt.j2 - dest: "{{ dehydrated_domains_txt }}" + dest: /etc/dehydrated/domains.txt mode: "0644" - name: Create hook file ansible.builtin.template: src: hook.sh.j2 - dest: "{{ dehydrated_config_base_dir }}/hook.sh" + dest: /etc/dehydrated/hook.sh mode: "0750" - name: Register account key ansible.builtin.command: cmd: dehydrated --register --accept-terms - creates: "{{ dehydrated_base_dir }}/accounts" + creates: /var/lib/dehydrated/accounts - name: Create auth file directory ansible.builtin.file: path: /var/www/dehydrated diff --git a/templates/domains.txt.j2 b/templates/domains.txt.j2 index 39b8149..b6450d1 100644 --- a/templates/domains.txt.j2 +++ b/templates/domains.txt.j2 
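Review bot: The first block in the new verify tasks is named `Test domains.txt` although everything in it greps /etc/dehydrated/conf.d/local.sh, and a second `Test domains.txt` block follows, so a failure report cannot tell the two apart; name the first one `Test local.sh` and drop the inner block of that name. In the package assertion, `ansible_facts.packages['dehydrated']` on a host without the package stops on an undefined key rather than a failed assertion; `- "'dehydrated' in ansible_facts.packages"` (and the same for lexicon) states the check directly. None of the new checks covers /etc/dehydrated/hook.sh or the file modes the role sets, so an `ansible.builtin.stat` plus an assert on `stat.mode == '0750'` for the hook would catch a permissions regression.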
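Review bot: With the role variables replaced by literals, `creates: /var/lib/dehydrated/accounts` and the three `dest:` paths now assume the packaged layout, while local.sh.j2 still renders every key of `dehydrated_cfg`; if an inventory sets `BASEDIR`, `ACCOUNTDIR` or `DOMAINS_TXT` there, dehydrated would presumably read other locations and the `Register account key` command would run again on every play. Either say so above these tasks, e.g. `# Paths are the package defaults; do not set BASEDIR/ACCOUNTDIR/DOMAINS_TXT in dehydrated_cfg`, or keep the paths as role variables in vars/main.yml. The same literals are now repeated in templates/local.sh.j2 and molecule/default/verify.yml, so a later path change has three places to miss. The task list continues past the end of this hunk.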
@@ -1,3 +1,7 @@ -{% for domain in dehydrated_domains -%} -{{ domain.domains if domain.domains is string else domain.domains | join(' ') }} > {{ domain.name }} +{% for domain in dehydrated_domains | dict2items -%} +{% if domain.value -%} +{{ domain.value is string | ternary(domain.value, domain.value | join(' ')) }} > {{ domain.key }} +{% else -%} +{{ domain.key }} +{% endif %} {% endfor %} diff --git a/templates/local.sh.j2 b/templates/local.sh.j2 index 833a72a..221d0b7 100644 --- a/templates/local.sh.j2 +++ b/templates/local.sh.j2 @@ -2,4 +2,4 @@ {% for cfg_name, cfg_value in dehydrated_cfg.items() -%} {{ cfg_name }}="{{ cfg_value }}" {% endfor %} -HOOK="{{ dehydrated_config_base_dir }}/hook.sh" +HOOK="/etc/dehydrated/hook.sh" diff --git a/vars/main.yml b/vars/main.yml index 1bd455d..ed97d53 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,6 +1 @@ --- -dehydrated_config_base_dir: /etc/dehydrated -dehydrated_config_dir: /etc/dehydrated/conf.d -dehydrated_base_dir: /var/lib/dehydrated -dehydrated_wellknown_dir: "{{ dehydrated_base_dir }}/acme-challenges" -dehydrated_domains_txt: /etc/dehydrated/domains.txt
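Review bot: The loop now feeds `dehydrated_domains` straight into `dict2items`, so an inventory that still uses the previous list-of-dicts form fails inside the template with a filter error rather than a message about the changed format. An `ansible.builtin.assert` placed before the `Create domain file` task with `that: dehydrated_domains is mapping` and a `fail_msg` naming the new shape would make that upgrade failure readable. The `{% else %}` branch emits the bare key when the value is empty, which looks questionable for a key beginning with `*.` because the key is then the only name on the line; confirm that against dehydrated's domains.txt rules or reject it in the same assert.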
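Review bot: `{{ cfg_name }}="{{ cfg_value }}"` in the loop above the changed line writes inventory values into a file that dehydrated sources as shell, and nothing escapes `"`, `$` or backticks, so a value containing them changes what the config does when it is loaded; the literal `HOOK=` line this hunk adds is not affected. Rendering with `{{ cfg_name }}={{ cfg_value | quote }}` keeps each value a single literal word, and the expectations in molecule/default/verify.yml, which compare against the double-quoted form, would need to follow. Since `HOOK=` is emitted after the loop, a `HOOK` key in `dehydrated_cfg` is silently overridden, which deserves a template comment such as `{# HOOK is managed by the role; a HOOK entry in dehydrated_cfg is ignored #}`.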