mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
[PR #7550/f87777b9 backport][stable-8] irc module: add validate_certs, rename use_ssl to use_tls (keeping use_ssl as an alias) (#7575)
irc module: add validate_certs, rename use_ssl to use_tls (keeping use_ssl as an alias) (#7550)
* Rename use_ssl to use_tls, keep use_ssl as an alias.
* Add validate_certs option.
* Add changelog fragment and recommend setting TLS related settings to true.
* Fix formatting.
* Update documentation to use use_tls=true and validate_certs=true.
(cherry picked from commit f87777b9f5
)
Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
parent
0d23fa7a49
commit
04b29342d2
2 changed files with 47 additions and 12 deletions
5
changelogs/fragments/7550-irc-use_tls-validate_certs.yml
Normal file
5
changelogs/fragments/7550-irc-use_tls-validate_certs.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
minor_changes:
|
||||||
|
- "irc - add ``validate_certs`` option, and rename ``use_ssl`` to ``use_tls``, while keeping ``use_ssl`` as an alias.
|
||||||
|
The default value for ``validate_certs`` is ``false`` for backwards compatibility. We recommend to every user of
|
||||||
|
this module to explicitly set ``use_tls=true`` and `validate_certs=true`` whenever possible, especially when
|
||||||
|
communicating to IRC servers over the internet (https://github.com/ansible-collections/community.general/pull/7550)."
|
|
@ -79,11 +79,17 @@ options:
|
||||||
- Timeout to use while waiting for successful registration and join
|
- Timeout to use while waiting for successful registration and join
|
||||||
messages, this is to prevent an endless loop
|
messages, this is to prevent an endless loop
|
||||||
default: 30
|
default: 30
|
||||||
use_ssl:
|
use_tls:
|
||||||
description:
|
description:
|
||||||
- Designates whether TLS/SSL should be used when connecting to the IRC server
|
- Designates whether TLS/SSL should be used when connecting to the IRC server
|
||||||
|
- O(use_tls) is available since community.general 8.1.0, before the option
|
||||||
|
was exlusively called O(use_ssl). The latter is now an alias of O(use_tls).
|
||||||
|
- B(Note:) for security reasons, you should always set O(use_tls=true) and
|
||||||
|
O(validate_certs=true) whenever possible.
|
||||||
type: bool
|
type: bool
|
||||||
default: false
|
default: false
|
||||||
|
aliases:
|
||||||
|
- use_ssl
|
||||||
part:
|
part:
|
||||||
description:
|
description:
|
||||||
- Designates whether user should part from channel after sending message or not.
|
- Designates whether user should part from channel after sending message or not.
|
||||||
|
@ -96,6 +102,16 @@ options:
|
||||||
- Text style for the message. Note italic does not work on some clients
|
- Text style for the message. Note italic does not work on some clients
|
||||||
choices: [ "bold", "underline", "reverse", "italic", "none" ]
|
choices: [ "bold", "underline", "reverse", "italic", "none" ]
|
||||||
default: none
|
default: none
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- If set to V(false), the SSL certificates will not be validated.
|
||||||
|
- This should always be set to V(true). Using V(false) is unsafe and should only be done
|
||||||
|
if the network between between Ansible and the IRC server is known to be safe.
|
||||||
|
- B(Note:) for security reasons, you should always set O(use_tls=true) and
|
||||||
|
O(validate_certs=true) whenever possible.
|
||||||
|
default: false
|
||||||
|
type: bool
|
||||||
|
version_added: 8.1.0
|
||||||
|
|
||||||
# informational: requirements for nodes
|
# informational: requirements for nodes
|
||||||
requirements: [ socket ]
|
requirements: [ socket ]
|
||||||
|
@ -108,6 +124,8 @@ EXAMPLES = '''
|
||||||
- name: Send a message to an IRC channel from nick ansible
|
- name: Send a message to an IRC channel from nick ansible
|
||||||
community.general.irc:
|
community.general.irc:
|
||||||
server: irc.example.net
|
server: irc.example.net
|
||||||
|
use_tls: true
|
||||||
|
validate_certs: true
|
||||||
channel: #t1
|
channel: #t1
|
||||||
msg: Hello world
|
msg: Hello world
|
||||||
|
|
||||||
|
@ -116,6 +134,8 @@ EXAMPLES = '''
|
||||||
module: irc
|
module: irc
|
||||||
port: 6669
|
port: 6669
|
||||||
server: irc.example.net
|
server: irc.example.net
|
||||||
|
use_tls: true
|
||||||
|
validate_certs: true
|
||||||
channel: #t1
|
channel: #t1
|
||||||
msg: 'All finished at {{ ansible_date_time.iso8601 }}'
|
msg: 'All finished at {{ ansible_date_time.iso8601 }}'
|
||||||
color: red
|
color: red
|
||||||
|
@ -126,6 +146,8 @@ EXAMPLES = '''
|
||||||
module: irc
|
module: irc
|
||||||
port: 6669
|
port: 6669
|
||||||
server: irc.example.net
|
server: irc.example.net
|
||||||
|
use_tls: true
|
||||||
|
validate_certs: true
|
||||||
channel: #t1
|
channel: #t1
|
||||||
nick_to:
|
nick_to:
|
||||||
- nick1
|
- nick1
|
||||||
|
@ -150,7 +172,8 @@ from ansible.module_utils.basic import AnsibleModule
|
||||||
|
|
||||||
|
|
||||||
def send_msg(msg, server='localhost', port='6667', channel=None, nick_to=None, key=None, topic=None,
|
def send_msg(msg, server='localhost', port='6667', channel=None, nick_to=None, key=None, topic=None,
|
||||||
nick="ansible", color='none', passwd=False, timeout=30, use_ssl=False, part=True, style=None):
|
nick="ansible", color='none', passwd=False, timeout=30, use_tls=False, validate_certs=True,
|
||||||
|
part=True, style=None):
|
||||||
'''send message to IRC'''
|
'''send message to IRC'''
|
||||||
nick_to = [] if nick_to is None else nick_to
|
nick_to = [] if nick_to is None else nick_to
|
||||||
|
|
||||||
|
@ -194,14 +217,19 @@ def send_msg(msg, server='localhost', port='6667', channel=None, nick_to=None, k
|
||||||
message = styletext + colortext + msg
|
message = styletext + colortext + msg
|
||||||
|
|
||||||
irc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
irc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
if use_ssl:
|
if use_tls:
|
||||||
if getattr(ssl, 'PROTOCOL_TLS', None) is not None:
|
if validate_certs:
|
||||||
# Supported since Python 2.7.13
|
try:
|
||||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
|
context = ssl.create_default_context()
|
||||||
|
except AttributeError:
|
||||||
|
raise Exception('Need at least Python 2.7.9 for SSL certificate validation')
|
||||||
else:
|
else:
|
||||||
context = ssl.SSLContext()
|
if getattr(ssl, 'PROTOCOL_TLS', None) is not None:
|
||||||
context.verify_mode = ssl.CERT_NONE
|
# Supported since Python 2.7.13
|
||||||
# TODO: create a secure context with `context = ssl.create_default_context()` instead!
|
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
|
||||||
|
else:
|
||||||
|
context = ssl.SSLContext()
|
||||||
|
context.verify_mode = ssl.CERT_NONE
|
||||||
irc = context.wrap_socket(irc)
|
irc = context.wrap_socket(irc)
|
||||||
irc.connect((server, int(port)))
|
irc.connect((server, int(port)))
|
||||||
|
|
||||||
|
@ -282,7 +310,8 @@ def main():
|
||||||
passwd=dict(no_log=True),
|
passwd=dict(no_log=True),
|
||||||
timeout=dict(type='int', default=30),
|
timeout=dict(type='int', default=30),
|
||||||
part=dict(type='bool', default=True),
|
part=dict(type='bool', default=True),
|
||||||
use_ssl=dict(type='bool', default=False)
|
use_tls=dict(type='bool', default=False, aliases=['use_ssl']),
|
||||||
|
validate_certs=dict(type='bool', default=False),
|
||||||
),
|
),
|
||||||
supports_check_mode=True,
|
supports_check_mode=True,
|
||||||
required_one_of=[['channel', 'nick_to']]
|
required_one_of=[['channel', 'nick_to']]
|
||||||
|
@ -301,12 +330,13 @@ def main():
|
||||||
key = module.params["key"]
|
key = module.params["key"]
|
||||||
passwd = module.params["passwd"]
|
passwd = module.params["passwd"]
|
||||||
timeout = module.params["timeout"]
|
timeout = module.params["timeout"]
|
||||||
use_ssl = module.params["use_ssl"]
|
use_tls = module.params["use_tls"]
|
||||||
part = module.params["part"]
|
part = module.params["part"]
|
||||||
style = module.params["style"]
|
style = module.params["style"]
|
||||||
|
validate_certs = module.params["validate_certs"]
|
||||||
|
|
||||||
try:
|
try:
|
||||||
send_msg(msg, server, port, channel, nick_to, key, topic, nick, color, passwd, timeout, use_ssl, part, style)
|
send_msg(msg, server, port, channel, nick_to, key, topic, nick, color, passwd, timeout, use_tls, validate_certs, part, style)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
module.fail_json(msg="unable to send to IRC: %s" % to_native(e), exception=traceback.format_exc())
|
module.fail_json(msg="unable to send to IRC: %s" % to_native(e), exception=traceback.format_exc())
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue