From a4497a7ddf363ef8c45f7093f097fd1e0f784c7f Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Thu, 28 May 2015 15:02:28 -0700 Subject: [PATCH] Change uri module to validate ssl certs by default --- lib/ansible/modules/network/basics/uri.py | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/lib/ansible/modules/network/basics/uri.py b/lib/ansible/modules/network/basics/uri.py index bcdd6090676..227a814602b 100644 --- a/lib/ansible/modules/network/basics/uri.py +++ b/lib/ansible/modules/network/basics/uri.py @@ -131,6 +131,15 @@ options: description: - all arguments accepted by the M(file) module also work here required: false + validate_certs: + description: + - If C(no), SSL certificates will not be validated. This should only + set to C(no) used on personally controlled sites using self-signed + certificates. Prior to 1.9.2 the code defaulted to C(no). + required: false + default: 'yes' + choices: ['yes', 'no'] + version_added: '1.9.2' # informational: requirements for nodes requirements: [ urlparse, httplib2 ] @@ -162,20 +171,21 @@ EXAMPLES = ''' # Login to a form based webpage, then use the returned cookie to # access the app in later tasks + - uri: url: https://your.form.based.auth.examle.com/index.php method: POST body: "name=your_username&password=your_password&enter=Sign%20in" status_code: 302 HEADER_Content-Type: "application/x-www-form-urlencoded" - register: login + register: login - uri: url: https://your.form.based.auth.example.com/dashboard.php method: GET return_content: yes HEADER_Cookie: "{{login.set_cookie}}" - + # Queue build of a project in Jenkins: - uri: url: "http://{{ jenkins.host }}/job/{{ jenkins.job }}/build?token={{ jenkins.token }}" 
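Review bot: The added description of `validate_certs` in the options hunk is ungrammatical at "This should only set to C(no) used on personally controlled sites", which blurs the one caveat a user needs before switching validation off. Suggested wording: `- If C(no), SSL certificates will not be validated. This should only be set to C(no) on personally controlled sites using self-signed certificates.` It would also help to state that with C(no) the server's identity is not checked, so anything the task sends (passwords, cookies, tokens) can be read or altered by an on-path party.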
@@ -256,7 +266,7 @@ def url_filename(url): return fn -def uri(module, url, dest, user, password, body, body_format, method, headers, redirects, socket_timeout): +def uri(module, url, dest, user, password, body, body_format, method, headers, redirects, socket_timeout, validate_certs): # To debug #httplib2.debug = 4 @@ -272,7 +282,8 @@ def uri(module, url, dest, user, password, body, body_format, method, headers, r follow_all_redirects = False # Create a Http object and set some default options. - h = httplib2.Http(disable_ssl_certificate_validation=True, timeout=socket_timeout) + disable_validation = not validate_certs + h = httplib2.Http(disable_ssl_certificate_validation=disable_validation, timeout=socket_timeout) h.follow_all_redirects = follow_all_redirects h.follow_redirects = follow_redirects h.forward_authorization_headers = True @@ -359,6 +370,7 @@ def main(): removes = dict(required=False, default=None), status_code = dict(required=False, default=[200], type='list'), timeout = dict(required=False, default=30, type='int'), + validate_certs = dict(required=False, default=False, type='bool'), ), check_invalid_arguments=False, add_file_common_args=True @@ -383,6 +395,7 @@ def main(): removes = module.params['removes'] status_code = [int(x) for x in list(module.params['status_code'])] socket_timeout = module.params['timeout'] + validate_certs = module.params['validate_certs'] dict_headers = {} @@ -424,7 +437,7 @@ def main(): # Make the request - resp, content, dest = uri(module, url, dest, user, password, body, body_format, method, dict_headers, redirects, socket_timeout) + resp, content, dest = uri(module, url, dest, user, password, body, body_format, method, dict_headers, redirects, socket_timeout, validate_certs) resp['status'] = int(resp['status']) # Write the file out if requested
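Review bot: `validate_certs` is appended as a twelfth required positional parameter of uri(), and the call in main() (last hunk) also passes it positionally. In a list this long a misordered argument is easy to miss. Giving the parameter a fail-closed default and passing it by keyword avoids that and keeps verification on for any caller that omits it: `..., redirects, socket_timeout, validate_certs=True):` and, at the call site, `..., redirects, socket_timeout, validate_certs=validate_certs)`. The body of uri() continues outside the hunk.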
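Review bot: The `validate_certs` entry added to main()'s argument_spec is declared with `default=False`, so a task that omits the option still ends up with `disable_ssl_certificate_validation=True` in uri() and certificates are not validated. That contradicts the commit subject and the DOCUMENTATION hunk, which states `default: 'yes'`, so users reading the docs would assume protection they do not have. The line should read `validate_certs = dict(required=False, default=True, type='bool'),`. main() starts and ends outside this hunk.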