From 77c76e632eb896def3b214606e636198ac67e5fe Mon Sep 17 00:00:00 2001
From: Toshio Kuratomi
Date: Fri, 12 Jun 2015 12:32:02 -0700
Subject: [PATCH] Switch etcd and url lookup plugins to verify ssl certificates
---
 lib/ansible/plugins/lookup/etcd.py | 14 +++++++++-----
 lib/ansible/plugins/lookup/url.py | 30 ++++++++++++++++++------------
 2 files changed, 27 insertions(+), 17 deletions(-)
diff --git a/lib/ansible/plugins/lookup/etcd.py b/lib/ansible/plugins/lookup/etcd.py
index 002068389f8..1ea42e8f84c 100644
--- a/lib/ansible/plugins/lookup/etcd.py
+++ b/lib/ansible/plugins/lookup/etcd.py
@@ -18,23 +18,25 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 import os
-import urllib2
+
 try:
 import json
 except ImportError:
 import simplejson as json
 from ansible.plugins.lookup import LookupBase
+from ansible.module_utils.urls import open_url
 # this can be made configurable, not should not use ansible.cfg
 ANSIBLE_ETCD_URL = 'http://127.0.0.1:4001'
 if os.getenv('ANSIBLE_ETCD_URL') is not None:
 ANSIBLE_ETCD_URL = os.environ['ANSIBLE_ETCD_URL']
-class etcd():
- def __init__(self, url=ANSIBLE_ETCD_URL):
+class Etcd:
+ def __init__(self, url=ANSIBLE_ETCD_URL, validate_certs):
 self.url = url
 self.baseurl = '%s/v1/keys' % (self.url)
+ self.validate_certs = validate_certs
 def get(self, key):
 url = "%s/%s" % (self.baseurl, key)
@@ -42,7 +44,7 @@ class etcd():
 data = None
 value = ""
 try:
- r = urllib2.urlopen(url)
+ r = open_url(url, validate_certs=self.validate_certs)
 data = r.read()
 except:
 return value
@@ -67,7 +69,9 @@ class LookupModule(LookupBase):
 if isinstance(terms, basestring):
 terms = [ terms ]
- etcd = etcd()
+ validate_certs = kwargs.get('validate_certs', True)
+
+ etcd = Etcd(validate_certs=validate_certs)
 ret = []
 for term in terms:
diff --git a/lib/ansible/plugins/lookup/url.py b/lib/ansible/plugins/lookup/url.py
index 9f1a89f772c..c6efc6a31b3 100644
--- a/lib/ansible/plugins/lookup/url.py
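Review bot: The new signature `def __init__(self, url=ANSIBLE_ETCD_URL, validate_certs):` in the first etcd.py hunk puts a parameter without a default after one with a default, which Python rejects as a SyntaxError, so the plugin would fail to load before any certificate check runs. Give it a default that keeps verification on, `def __init__(self, url=ANSIBLE_ETCD_URL, validate_certs=True):`, which also matches the `kwargs.get('validate_certs', True)` default used in the third hunk. The default `ANSIBLE_ETCD_URL` visible in the context lines is an `http://` address, so the option presumably only matters once the URL is overridden with an `https://` endpoint; a one-line comment next to the constant saying so would help.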
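Review bot: The `open_url(url, validate_certs=self.validate_certs)` call in the second etcd.py hunk sits inside the existing `try:` whose bare `except:` returns `value`, so a certificate validation failure is swallowed and the lookup yields an empty string, indistinguishable from a missing key. Surface it the way the url plugin does in this same commit, with `except SSLValidationError as e:` followed by `raise AnsibleError("Error validating the server's certificate for %s: %s" % (url, str(e)))`. That needs `SSLValidationError` and `AnsibleError` imported in etcd.py, which the first hunk does not add. The body of `get` continues outside the hunk, so whether later code depends on the empty-string return cannot be seen from here.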
+++ b/lib/ansible/plugins/lookup/url.py
@@ -17,30 +17,36 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
-from ansible.plugins.lookup import LookupBase
 import urllib2
+from ansible.errors import AnsibleError
+from ansible.plugins.lookup import LookupBase
+from ansible.module_utils.urls import open_url, ConnectionError, SSLValidationError
+from ansible.utils.unicode import to_unicode
+
 class LookupModule(LookupBase):
- def run(self, terms, inject=None, **kwargs):
+ def run(self, terms, variables=None, **kwargs):
 if isinstance(terms, basestring):
 terms = [ terms ]
+ validate_certs = kwargs.get('validate_certs', True)
+
 ret = []
 for term in terms:
 try:
- r = urllib2.Request(term)
- response = urllib2.urlopen(r)
- except URLError as e:
- utils.warnings("Failed lookup url for %s : %s" % (term, str(e)))
- continue
- except HTTPError as e:
- utils.warnings("Received HTTP error for %s : %s" % (term, str(e)))
- continue
+ response = open_url(term, validate_certs=validate_certs)
+ except urllib2.URLError as e:
+ raise AnsibleError("Failed lookup url for %s : %s" % (term, str(e)))
+ except urllib2.HTTPError as e:
+ raise AnsibleError("Received HTTP error for %s : %s" % (term, str(e)))
+ except SSLValidationError as e:
+ raise AnsibleError("Error validating the server's certificate for %s: %s" % (term, str(e)))
+ except ConnectionError as e:
+ raise AnsibleError("Error connecting to %s: %s" % (term, str(e)))
 for line in response.read().splitlines():
- ret.append(line)
-
+ ret.append(to_unicode(line))
 return ret
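Review bot: The `except urllib2.HTTPError as e:` clause can never run, because it follows `except urllib2.URLError as e:` and `HTTPError` is a subclass of `URLError` in urllib2, so HTTP status errors are reported with the "Failed lookup url" message instead. Swap the two clauses so `except urllib2.HTTPError as e:` comes first. The new `validate_certs` keyword is also undocumented; a comment above `validate_certs = kwargs.get('validate_certs', True)` should state that verification is on by default and that passing a false value makes the lookup accept any certificate the server presents.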