Automated SSL/TLS certificate lifecycle management using ZeroSSL REST API with Ansible. Supports HTTP-01/DNS-01 validation, multi-domain SAN certificates, and automated renewal workflows.
Comprehensive Ansible action plugin for managing SSL/TLS certificates through the ZeroSSL REST API with enterprise-grade automation, validation, and renewal workflows.
This skill provides expert guidance for working with the ansible-zerossl project, a production-ready Ansible plugin that automates SSL certificate lifecycle management. It helps you understand, maintain, and extend the codebase following established architectural patterns and quality standards.
The project implements a layered architecture with clear separation of concerns:
When working with this codebase, follow these principles:
**Always maintain the HTTP boundary mocking pattern:**
**Quality requirements:**
When implementing new certificate management features:
1. **Update the module utilities first** (`plugins/module_utils/zerossl/`)
   - Add methods to appropriate modules (`api_client`, `certificate_manager`, `validation_handler`)
   - Follow existing error handling patterns using custom exceptions
   - Implement idempotent operations
   - Add comprehensive docstrings
2. **Write tests following HTTP boundary pattern**
   - Use fixtures from `tests/fixtures/` for realistic API responses
   - Mock HTTP responses at the boundary using `mock_http_boundary`
   - Exercise the full method call stack
   - Validate both success and error paths
3. **Update the action plugin** (`plugins/action/zerossl_certificate.py`)
   - Integrate new functionality into Ansible workflow
   - Maintain idempotency and check mode support
   - Add appropriate result metadata
4. **Run quality gates**
```bash
make test-quality # Run all quality validations
make coverage # Generate coverage report
make test-contracts # Validate test contracts
```
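The HTTP boundary pattern from step 2, as an added example that is not the project's own code: `TinyClient`, `ApiError` and `run_with_boundary` are hypothetical stand-ins (the project's `mock_http_boundary` fixture is not shown on this page), and the payloads are constructed. Only `urllib.request.urlopen` is patched, so the full call stack runs on both the success and error paths, and the error text leaves out the request URL because it carries the access key.

```python
import io
import json
import urllib.request
from unittest import mock


class ApiError(Exception):
    """Hypothetical custom exception (stand-in for the project's exceptions.py)."""


class TinyClient:
    """Hypothetical minimal client; not the project's api_client."""

    BASE = "https://api.zerossl.com"

    def __init__(self, access_key):
        self.access_key = access_key

    def _get(self, path):
        # The only code that touches the network: this is the HTTP boundary.
        url = f"{self.BASE}{path}?access_key={self.access_key}"
        try:
            with urllib.request.urlopen(url, timeout=10) as resp:
                body = json.load(resp)
        except OSError as exc:
            # Report the cause only; the URL holds the access key.
            raise ApiError(f"transport failure: {exc}") from None
        if body.get("success") is False:
            raise ApiError(f"API error: {body['error']['type']}")
        return body

    def certificate_status(self, cert_id):
        return self._get(f"/certificates/{cert_id}")["status"]


def run_with_boundary(payload=None, exc=None):
    """Patch urlopen only, then run the real client code above it."""
    fake = mock.MagicMock()
    fake.__enter__.return_value = io.BytesIO(json.dumps(payload or {}).encode())
    with mock.patch("urllib.request.urlopen", return_value=fake, side_effect=exc) as urlopen:
        try:
            return TinyClient("TEST_KEY").certificate_status("abc123"), urlopen
        except ApiError as err:
            return err, urlopen
```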
**For test failures:**
**For API integration issues:**
**For performance problems:**
**When adding new test fixtures:**
**When creating new automation scripts:**
**Update documentation when:**
**Key documentation files:**
The project uses GitHub Actions for continuous integration:
**Before committing:**
```bash
make test # Run full test suite
make coverage # Verify coverage threshold
make lint # Check code style
make test-quality # Run all quality gates
```
- **Idempotency:** All operations check current state before making changes
- **Error Handling:** Use custom exceptions from `exceptions.py`, never bare except clauses
- **Validation:** Validate inputs early using `config_validator.py`
- **Caching:** Use certificate cache to minimize API calls
- **Concurrency:** Manage concurrent operations through `concurrency.py`
- **Retry Logic:** Implement exponential backoff for transient failures
**Add support for new validation method:**
1. Extend `validation_handler.py` with new method
2. Add test fixtures for validation flow
3. Write HTTP boundary tests exercising the method
4. Update action plugin to expose the option
5. Document in user-facing docs
**Optimize API call efficiency:**
1. Review cache implementation and TTL settings
2. Analyze `certificate_manager.py` for redundant calls
3. Add caching for new endpoints if needed
4. Validate performance with `performance_validation.py`
**Extend certificate renewal logic:**
1. Modify `certificate_manager.py` renewal methods
2. Add tests covering new renewal conditions
3. Update expiration threshold configuration
4. Test idempotency of renewal operations
When your changes are complete, verify: