Adding 'validate_certs' option to EC2 modules

When disabled, the boto connection will be instantiated without validating
the SSL certificate from the target endpoint. This allows the modules to connect
to Eucalyptus instances running with self-signed certs without errors.

Fixes #3978
pull/5998/head
James Cammarata 11 years ago
parent eaced05a77
commit 056d54ebd3

@ -1,3 +1,9 @@
try:
from distutils.version import LooseVersion
HAS_LOOSE_VERSION = True
except:
HAS_LOOSE_VERSION = False
AWS_REGIONS = ['ap-northeast-1', AWS_REGIONS = ['ap-northeast-1',
'ap-southeast-1', 'ap-southeast-1',
'ap-southeast-2', 'ap-southeast-2',
@ -14,6 +20,7 @@ def ec2_argument_spec():
ec2_url=dict(), ec2_url=dict(),
ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True), ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True),
ec2_access_key=dict(aliases=['aws_access_key', 'access_key']), ec2_access_key=dict(aliases=['aws_access_key', 'access_key']),
validate_certs=dict(default=True, type='bool'),
) )
@ -62,16 +69,23 @@ def ec2_connect(module):
""" Return an ec2 connection""" """ Return an ec2 connection"""
ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module) ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
validate_certs = module.get('validate_certs', True)
# If we have a region specified, connect to its endpoint. # If we have a region specified, connect to its endpoint.
if region: if region:
try: try:
if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, validate_certs=validate_certs)
else:
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key) ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
except boto.exception.NoAuthHandlerFound, e: except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg = str(e)) module.fail_json(msg = str(e))
# Otherwise, no region so we fallback to the old connection method # Otherwise, no region so we fallback to the old connection method
elif ec2_url: elif ec2_url:
try: try:
if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key, validate_certs=validate_certs)
else:
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key) ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key)
except boto.exception.NoAuthHandlerFound, e: except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg = str(e)) module.fail_json(msg = str(e))

@ -88,6 +88,14 @@ options:
required: false required: false
aliases: ['aws_region', 'ec2_region'] aliases: ['aws_region', 'ec2_region']
version_added: "1.5" version_added: "1.5"
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: James S. Martin author: James S. Martin

@ -212,7 +212,14 @@ options:
required: false required: false
default: null default: null
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Seth Vidal, Tim Gerla, Lester Wade author: Seth Vidal, Tim Gerla, Lester Wade

@ -101,6 +101,14 @@ options:
required: false required: false
default: null default: null
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Evan Duffield <eduffield@iacquire.com> author: Evan Duffield <eduffield@iacquire.com>

@ -53,6 +53,15 @@ options:
required: false required: false
default: false default: false
version_added: "1.4" version_added: "1.4"
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Lorin Hochstein <lorin@nimbisservices.com> author: Lorin Hochstein <lorin@nimbisservices.com>
notes: notes:

@ -74,6 +74,14 @@ options:
required: false required: false
default: yes default: yes
choices: [ "yes", "no" ] choices: [ "yes", "no" ]
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
""" """

@ -73,6 +73,14 @@ options:
- The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used. - The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used.
required: false required: false
aliases: ['aws_region', 'ec2_region'] aliases: ['aws_region', 'ec2_region']
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
""" """

@ -57,6 +57,14 @@ options:
required: false required: false
default: 'present' default: 'present'
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
''' '''

@ -48,6 +48,14 @@ options:
required: false required: false
default: 'present' default: 'present'
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Vincent Viallet author: Vincent Viallet

@ -59,6 +59,15 @@ options:
required: false required: false
default: null default: null
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Lester Wade author: Lester Wade
''' '''

@ -82,6 +82,15 @@ options:
- snapshot ID on which to base the volume - snapshot ID on which to base the volume
required: false required: false
default: null default: null
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Lester Wade author: Lester Wade
''' '''

@ -99,6 +99,15 @@ options:
required: false required: false
default: None default: None
aliases: ['ec2_access_key', 'access_key' ] aliases: ['ec2_access_key', 'access_key' ]
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Carson Gee author: Carson Gee
''' '''

Loading…
Cancel
Save