[FIX] INWX and docs (#2)

* [FIX] multiple record values dns-inwx-create.yml this is necessary as long as inwx/ansible-collection#9 is not resolved. * Update general_role_parameters.rst * Update acme_certificate_role.rst
Kariton · Oct 28, 2021 · 4d03360 · 4d03360
1 parent b1d5563
commit 4d03360
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 7 deletions.
diff --git a/docs/docsite/rst/acme_certificate_role.rst b/docs/docsite/rst/acme_certificate_role.rst
@@ -191,6 +191,10 @@ This role can be used as follows. Note that it obtains several certificates, and
         # For DNS challenges with ns1:
         # acme_certificate_dns_provider: ns1
         # acme_certificate_ns1_secret_key: REPLACE_WITH_YOUR_SECRET_KEY
+        # For DNS challenges with inwx:
+        # acme_certificate_dns_provider: inwx
+        # acme_certificate_inwx_username: REPLACE_WITH_YOUR_USERNAME
+        # acme_certificate_inwx_password: REPLACE_WITH_YOUR_SECRET_PASSWORD
 
       roles:
         - role: felixfontein.acme.acme_certificate

diff --git a/docs/docsite/rst/general_role_parameters.rst b/docs/docsite/rst/general_role_parameters.rst
@@ -87,12 +87,14 @@ DNS Challenges
 
 If DNS challenges are used, the following variables define how the challenges can be fulfilled:
 
-- ``acme_certificate_dns_provider``: must be one of ``route53``, ``hosttech``, and ``ns1``. Each needs more information:
+- ``acme_certificate_dns_provider``: must be one of ``route53``, ``hosttech``, ``ns1`` and ``inwx``. Each needs more information:
   - For ``route53`` (`Amazon Route 53 <https://aws.amazon.com/route53/>`_), the credentials must be passed as ``acme_certificate_aws_access_key`` and ``acme_certificate_aws_secret_key``.
   - For ``hosttech`` (`hosttech GmbH <https://www.hosttech.ch/>`_), the credentials have to be passed as ``acme_certificate_hosttech_username`` and ``acme_certificate_hosttech_password`` for using the old WSDL API, and ``acme_certificate_hosttech_token`` for the new JSON API.
   - For ``ns1`` (`ns1.com <https://ns1.com>`_) the key for your API account must be passed as ``acme_certificate_ns1_secret_key``. Also it depends on external module ``ns1_record``. See below for instructions on how to install these modules.
+  - For ``inwx`` (`inwx.de <https://inwx.de>`_) the credentials have to be passed as ``acme_certificate_inwx_username`` and ``acme_certificate_inwx_password``.
+Please keep in mind that 2FA (two factor authentication) is currently not supported and needs do be disabled. Related Issue: (`inwx/ansible-collection#3 <https://github.com/inwx/ansible-collection/issues/3>`_)
 
-Please note that the DNS challenge code is not perfect. The Route 53, Hosttech and NS1 functionality has been tested.
+Please note that the DNS challenge code is not perfect. The Route 53, Hosttech, NS1 and INWX functionality has been tested.
 
 Setting up NS1 modules
 ~~~~~~~~~~~~~~~~~~~~~~
@@ -105,3 +107,10 @@ For ``ns1`` (`ns1.com <https://ns1.com>`_) the external ``ns1_record`` module ne
     curl --create-dirs -L -o ~/.ansible/plugins/modules/ns1_record.py https://github.com/ns1/ns1-ansible-modules/raw/master/library/ns1_record.py
 
 Once NS1 converts their `set of modules <https://github.com/ns1/ns1-ansible-modules>`_ into a `collection <https://docs.ansible.com/ansible/latest/dev_guide/developing_collections.html>`_, it will become a lot easier to install and use them (`NS1 tracking issue <https://github.com/ns1/ns1-ansible-modules/issues/32>`_).
+
+Setting up INWX modules
+~~~~~~~~~~~~~~~~~~~~~~
+
+For ``inwx`` (`inwx.de <https://inwx.de>`_) the available Ansible Galaxy collection ``inwx.collection`` (`galaxy.ansible.com <https://galaxy.ansible.com/inwx/collection>`_) needs to be installed.
+
+It's as simple as: ``ansible-galaxy collection install inwx.collection``
diff --git a/roles/acme_certificate/tasks/dns-inwx-create.yml b/roles/acme_certificate/tasks/dns-inwx-create.yml
@@ -4,17 +4,19 @@
 - name: Creating challenge DNS entries for {{ ', '.join(acme_certificate_domains + acme_certificate_ips) }} via INWX
   inwx.collection.dns:
     state: present
-    domain: "{{ item.key | community.dns.get_registrable_domain }}"
+    domain: "{{ item.0.key | community.dns.get_registrable_domain }}"
     type: TXT
-    record: "{{ item.key | community.dns.remove_registrable_domain }}"
-    value: "{{ item.value | first }}"
-    solo: true
+    record: "{{ item.0.key | community.dns.remove_registrable_domain }}"
+    value: "{{ item.1 }}"
+    solo: "{{ 'true' if ansible_loop.first else 'false' }}"
     ttl: 300
     username: "{{ acme_certificate_inwx_username | default(omit) }}"
     password: "{{ acme_certificate_inwx_password | default(omit) }}"
   delegate_to: localhost
   run_once: true
-  with_dict: "{{ acme_certificate_INTERNAL_challenge.challenge_data_dns }}"
+  loop_control:
+    extended: yes  
+  loop: "{{ acme_certificate_INTERNAL_challenge.challenge_data_dns | dict2items | subelements('value') }}"
 
 - name: Wait for DNS entries to propagate
   community.dns.wait_for_txt: