Add `validate_certs` param to bigip_* modules

Ignoring SSL cert verification may be necessary when testing with a server that has a self-signed certificate. See https://github.com/ansible/ansible-modules-extras/pull/288#issuecomment-85196736
10 years ago · 128cf5fd74
parent bad5666c9e
commit 128cf5fd74
6 changed files with 118 additions and 0 deletions
--- a/lib/ansible/modules/extras/network/f5/bigip_facts.py
+++ b/lib/ansible/modules/extras/network/f5/bigip_facts.py
@ -56,6 +56,14 @@ options:
        default: null
        choices: []
        aliases: []
+    validate_certs:
+        description:
+            - If C(no), SSL certificates will not be validated. This should only be used
+              on personally controlled sites using self-signed certificates.
+        required: false
+        default: 'yes'
+        choices: ['yes', 'no']
+        version_added: 1.9.1
    session:
        description:
            - BIG-IP session support; may be useful to avoid concurrency
@ -1566,6 +1574,12 @@ def generate_software_list(f5):
    software_list = software.get_all_software_status()
    return software_list

+def disable_ssl_cert_validation():
+    # You probably only want to do this for testing and never in production.
+    # From https://www.python.org/dev/peps/pep-0476/#id29
+    import ssl
+    ssl._create_default_https_context = ssl._create_unverified_context
+

 def main():
    module = AnsibleModule(
@ -1573,6 +1587,7 @@ def main():
            server = dict(type='str', required=True),
            user = dict(type='str', required=True),
            password = dict(type='str', required=True),
+            validate_certs = dict(default='yes', type='bool'),
            session = dict(type='bool', default=False),
            include = dict(type='list', required=True),
            filter = dict(type='str', required=False),
@ -1585,6 +1600,7 @@ def main():
    server = module.params['server']
    user = module.params['user']
    password = module.params['password']
+    validate_certs = module.params['validate_certs']
    session = module.params['session']
    fact_filter = module.params['filter']
    if fact_filter:
@ -1601,6 +1617,9 @@ def main():
    if not all(include_test):
        module.fail_json(msg="value of include must be one or more of: %s, got: %s" % (",".join(valid_includes), ",".join(include)))

+    if not validate_certs:
+        disable_ssl_cert_validation()
+
    try:
        facts = {}

--- a/lib/ansible/modules/extras/network/f5/bigip_monitor_http.py
+++ b/lib/ansible/modules/extras/network/f5/bigip_monitor_http.py
@ -51,6 +51,14 @@ options:
            - BIG-IP password
        required: true
        default: null
+    validate_certs:
+        description:
+            - If C(no), SSL certificates will not be validated. This should only be used
+              on personally controlled sites using self-signed certificates.
+        required: false
+        default: 'yes'
+        choices: ['yes', 'no']
+        version_added: 1.9.1
    state:
        description:
            - Monitor state
@ -177,6 +185,14 @@ def bigip_api(bigip, user, password):
    return api


+def disable_ssl_cert_validation():
+
+    # You probably only want to do this for testing and never in production.
+    # From https://www.python.org/dev/peps/pep-0476/#id29
+    import ssl
+    ssl._create_default_https_context = ssl._create_unverified_context
+
+
 def check_monitor_exists(module, api, monitor, parent):

    # hack to determine if monitor exists
@ -311,6 +327,7 @@ def main():
            server    = dict(required=True),
            user      = dict(required=True),
            password  = dict(required=True),
+            validate_certs = dict(default='yes', type='bool'),
            partition = dict(default='Common'),
            state     = dict(default='present', choices=['present', 'absent']),
            name      = dict(required=True),
@ -331,6 +348,7 @@ def main():
    server = module.params['server']
    user = module.params['user']
    password = module.params['password']
+    validate_certs = module.params['validate_certs']
    partition = module.params['partition']
    parent_partition = module.params['parent_partition']
    state = module.params['state']
@ -348,6 +366,9 @@ def main():

    # end monitor specific stuff

+    if not validate_certs:
+        disable_ssl_cert_validation()
+
    if not bigsuds_found:
        module.fail_json(msg="the python bigsuds module is required")
    api = bigip_api(server, user, password)
--- a/lib/ansible/modules/extras/network/f5/bigip_monitor_tcp.py
+++ b/lib/ansible/modules/extras/network/f5/bigip_monitor_tcp.py
@ -49,6 +49,14 @@ options:
            - BIG-IP password
        required: true
        default: null
+    validate_certs:
+        description:
+            - If C(no), SSL certificates will not be validated. This should only be used
+              on personally controlled sites using self-signed certificates.
+        required: false
+        default: 'yes'
+        choices: ['yes', 'no']
+        version_added: 1.9.1
    state:
        description:
            - Monitor state
@ -196,6 +204,14 @@ def bigip_api(bigip, user, password):
    return api


+def disable_ssl_cert_validation():
+
+    # You probably only want to do this for testing and never in production.
+    # From https://www.python.org/dev/peps/pep-0476/#id29
+    import ssl
+    ssl._create_default_https_context = ssl._create_unverified_context
+
+
 def check_monitor_exists(module, api, monitor, parent):

    # hack to determine if monitor exists
@ -331,6 +347,7 @@ def main():
            server    = dict(required=True),
            user      = dict(required=True),
            password  = dict(required=True),
+            validate_certs = dict(default='yes', type='bool'),
            partition = dict(default='Common'),
            state     = dict(default='present', choices=['present', 'absent']),
            name      = dict(required=True),
@ -351,6 +368,7 @@ def main():
    server = module.params['server']
    user = module.params['user']
    password = module.params['password']
+    validate_certs = module.params['validate_certs']
    partition = module.params['partition']
    parent_partition = module.params['parent_partition']
    state = module.params['state']
@ -372,6 +390,9 @@ def main():

    # end monitor specific stuff

+    if not validate_certs:
+        disable_ssl_cert_validation()
+
    if not bigsuds_found:
        module.fail_json(msg="the python bigsuds module is required")
    api = bigip_api(server, user, password)
--- a/lib/ansible/modules/extras/network/f5/bigip_node.py
+++ b/lib/ansible/modules/extras/network/f5/bigip_node.py
@ -54,6 +54,14 @@ options:
        default: null
        choices: []
        aliases: []
+    validate_certs:
+        description:
+            - If C(no), SSL certificates will not be validated. This should only be used
+              on personally controlled sites using self-signed certificates.
+        required: false
+        default: 'yes'
+        choices: ['yes', 'no']
+        version_added: 1.9.1
    state:
        description:
            - Pool member state
@ -154,6 +162,12 @@ def bigip_api(bigip, user, password):
    api = bigsuds.BIGIP(hostname=bigip, username=user, password=password)
    return api

+def disable_ssl_cert_validation():
+    # You probably only want to do this for testing and never in production.
+    # From https://www.python.org/dev/peps/pep-0476/#id29
+    import ssl
+    ssl._create_default_https_context = ssl._create_unverified_context
+
 def node_exists(api, address):
    # hack to determine if node exists
    result = False
@ -212,6 +226,7 @@ def main():
            server = dict(type='str', required=True),
            user = dict(type='str', required=True),
            password = dict(type='str', required=True),
+            validate_certs = dict(default='yes', type='bool'),
            state = dict(type='str', default='present', choices=['present', 'absent']),
            partition = dict(type='str', default='Common'),
            name = dict(type='str', required=True),
@ -227,6 +242,7 @@ def main():
    server = module.params['server']
    user = module.params['user']
    password = module.params['password']
+    validate_certs = module.params['validate_certs']
    state = module.params['state']
    partition = module.params['partition']
    host = module.params['host']
@ -234,6 +250,9 @@ def main():
    address = "/%s/%s" % (partition, name)
    description = module.params['description']

+    if not validate_certs:
+        disable_ssl_cert_validation()
+
    if state == 'absent' and host is not None:
        module.fail_json(msg="host parameter invalid when state=absent")

--- a/lib/ansible/modules/extras/network/f5/bigip_pool.py
+++ b/lib/ansible/modules/extras/network/f5/bigip_pool.py
@ -54,6 +54,14 @@ options:
        default: null
        choices: []
        aliases: []
+    validate_certs:
+        description:
+            - If C(no), SSL certificates will not be validated. This should only be used
+              on personally controlled sites using self-signed certificates.
+        required: false
+        default: 'yes'
+        choices: ['yes', 'no']
+        version_added: 1.9.1
    state:
        description:
            - Pool/pool member state
@ -235,6 +243,12 @@ def bigip_api(bigip, user, password):
    api = bigsuds.BIGIP(hostname=bigip, username=user, password=password)
    return api

+def disable_ssl_cert_validation():
+    # You probably only want to do this for testing and never in production.
+    # From https://www.python.org/dev/peps/pep-0476/#id29
+    import ssl
+    ssl._create_default_https_context = ssl._create_unverified_context
+
 def pool_exists(api, pool):
    # hack to determine if pool exists
    result = False
@ -359,6 +373,7 @@ def main():
            server = dict(type='str', required=True),
            user = dict(type='str', required=True),
            password = dict(type='str', required=True),
+            validate_certs = dict(default='yes', type='bool'),
            state = dict(type='str', default='present', choices=['present', 'absent']),
            name = dict(type='str', required=True, aliases=['pool']),
            partition = dict(type='str', default='Common'),
@ -380,6 +395,7 @@ def main():
    server = module.params['server']
    user = module.params['user']
    password = module.params['password']
+    validate_certs = module.params['validate_certs']
    state = module.params['state']
    name = module.params['name']
    partition = module.params['partition']
@ -407,6 +423,9 @@ def main():
    address = "/%s/%s" % (partition, host)
    port = module.params['port']

+    if not validate_certs:
+        disable_ssl_cert_validation()
+
    # sanity check user supplied values

    if (host and not port) or (port and not host):
--- a/lib/ansible/modules/extras/network/f5/bigip_pool_member.py
+++ b/lib/ansible/modules/extras/network/f5/bigip_pool_member.py
@ -56,6 +56,14 @@ options:
        default: null
        choices: []
        aliases: []
+    validate_certs:
+        description:
+            - If C(no), SSL certificates will not be validated. This should only be used
+              on personally controlled sites using self-signed certificates.
+        required: false
+        default: 'yes'
+        choices: ['yes', 'no']
+        version_added: 1.9.1
    state:
        description:
            - Pool member state
@ -189,6 +197,12 @@ def bigip_api(bigip, user, password):
    api = bigsuds.BIGIP(hostname=bigip, username=user, password=password)
    return api

+def disable_ssl_cert_validation():
+    # You probably only want to do this for testing and never in production.
+    # From https://www.python.org/dev/peps/pep-0476/#id29
+    import ssl
+    ssl._create_default_https_context = ssl._create_unverified_context
+
 def pool_exists(api, pool):
    # hack to determine if pool exists
    result = False
@ -282,6 +296,7 @@ def main():
            server = dict(type='str', required=True),
            user = dict(type='str', required=True),
            password = dict(type='str', required=True),
+            validate_certs = dict(default='yes', type='bool'),
            state = dict(type='str', default='present', choices=['present', 'absent']),
            pool = dict(type='str', required=True),
            partition = dict(type='str', default='Common'),
@ -301,6 +316,7 @@ def main():
    server = module.params['server']
    user = module.params['user']
    password = module.params['password']
+    validate_certs = module.params['validate_certs']
    state = module.params['state']
    partition = module.params['partition']
    pool = "/%s/%s" % (partition, module.params['pool'])
@ -312,6 +328,9 @@ def main():
    address = "/%s/%s" % (partition, host)
    port = module.params['port']

+    if not validate_certs:
+        disable_ssl_cert_validation()
+
    # sanity check user supplied values

    if (host and not port) or (port and not host):