Merge pull request #9281 from woltage/devel

Enables 'force basic auth' -feature globally
9 years ago · e9a3a2912d
parent 493d91cb55 4e7542af37
commit e9a3a2912d
1 changed files with 18 additions and 9 deletions
--- a/lib/ansible/module_utils/urls.py
+++ b/lib/ansible/module_utils/urls.py
@ -229,6 +229,7 @@ import sys
 import socket
 import platform
 import tempfile
+import base64


 # This is a dummy cacert provided for Mac OS since you need at least 1
@ -522,12 +523,11 @@ class SSLValidationHandler(urllib2.BaseHandler):
 # Rewrite of fetch_url to not require the module environment
 def open_url(url, data=None, headers=None, method=None, use_proxy=True,
        force=False, last_mod_time=None, timeout=10, validate_certs=True,
-        url_username=None, url_password=None, http_agent=None):
+        url_username=None, url_password=None, http_agent=None, force_basic_auth=False):
    '''
    Fetches a file from an HTTP/FTP server using urllib2
    '''
    handlers = []
-
    # FIXME: change the following to use the generic_urlparse function
    #        to remove the indexed references for 'parsed'
    parsed = urlparse.urlparse(url)
@ -572,7 +572,7 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True,
            # reconstruct url without credentials
            url = urlparse.urlunparse(parsed)

-        if username:
+        if username and not force_basic_auth:
            passman = urllib2.HTTPPasswordMgrWithDefaultRealm()

            # this creates a password manager
@ -586,6 +586,12 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True,
            # create the AuthHandler
            handlers.append(authhandler)

+        elif username and force_basic_auth:
+            if headers is None:
+                headers = {}
+
+            headers["Authorization"] = "Basic {0}".format(base64.b64encode("{0}:{1}".format(username, password)))
+
    if not use_proxy:
        proxyhandler = urllib2.ProxyHandler({})
        handlers.append(proxyhandler)
@ -650,6 +656,8 @@ def url_argument_spec():
        validate_certs = dict(default='yes', type='bool'),
        url_username = dict(required=False),
        url_password = dict(required=False),
+        force_basic_auth = dict(required=False, type='bool', default='no'),
+
    )

 def fetch_url(module, url, data=None, headers=None, method=None,
@ -669,6 +677,7 @@ def fetch_url(module, url, data=None, headers=None, method=None,
    username = module.params.get('url_username', '')
    password = module.params.get('url_password', '')
    http_agent = module.params.get('http_agent', None)
+    force_basic_auth = module.params.get('force_basic_auth', '')

    r = None
    info = dict(url=url)
@ -676,7 +685,7 @@ def fetch_url(module, url, data=None, headers=None, method=None,
        r = open_url(url, data=data, headers=headers, method=method,
                use_proxy=use_proxy, force=force, last_mod_time=last_mod_time, timeout=timeout,
                validate_certs=validate_certs, url_username=username,
-                url_password=password, http_agent=http_agent)
+                url_password=password, http_agent=http_agent, force_basic_auth=force_basic_auth)
        info.update(r.info())
        info['url'] = r.geturl()  # The URL goes in too, because of redirects.
        info.update(dict(msg="OK (%s bytes)" % r.headers.get('Content-Length', 'unknown'), status=200))