From 056d54ebd344178db96c9d10b40394b593e3bdda Mon Sep 17 00:00:00 2001 From: James Cammarata Date: Thu, 13 Feb 2014 12:12:08 -0600 Subject: [PATCH] Adding 'validate_certs' option to EC2 modules When disabled, the boto connection will be instantiated without validating the SSL certificate from the target endpoint. This allows the modules to connect to Eucalyptus instances running with self-signed certs without errors. Fixes #3978 --- lib/ansible/module_utils/ec2.py | 18 ++++++++++++++++-- library/cloud/cloudformation | 8 ++++++++ library/cloud/ec2 | 9 ++++++++- library/cloud/ec2_ami | 8 ++++++++ library/cloud/ec2_eip | 9 +++++++++ library/cloud/ec2_elb | 8 ++++++++ library/cloud/ec2_elb_lb | 8 ++++++++ library/cloud/ec2_group | 8 ++++++++ library/cloud/ec2_key | 8 ++++++++ library/cloud/ec2_tag | 9 +++++++++ library/cloud/ec2_vol | 9 +++++++++ library/cloud/ec2_vpc | 9 +++++++++ 12 files changed, 108 insertions(+), 3 deletions(-) diff --git a/lib/ansible/module_utils/ec2.py b/lib/ansible/module_utils/ec2.py index bbcd30be21..2bdfe35afe 100644 --- a/lib/ansible/module_utils/ec2.py +++ b/lib/ansible/module_utils/ec2.py @@ -1,3 +1,9 @@ +try: + from distutils.version import LooseVersion + HAS_LOOSE_VERSION = True +except: + HAS_LOOSE_VERSION = False + AWS_REGIONS = ['ap-northeast-1', 'ap-southeast-1', 'ap-southeast-2', @@ -14,6 +20,7 @@ def ec2_argument_spec(): ec2_url=dict(), ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True), ec2_access_key=dict(aliases=['aws_access_key', 'access_key']), + validate_certs=dict(default=True, type='bool'), ) 
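Review bot: The bare `except:` around the `LooseVersion` import at the top of ec2.py catches every exception, not only a failed import; `except ImportError:` is the narrower form. It also bears on the new option: when `HAS_LOOSE_VERSION` ends up False, the connection code later in this patch takes the branch that never passes `validate_certs`, so the user's setting is dropped without any message. A short comment above the guard saying why the import is treated as optional would help the next reader.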
@@ -62,17 +69,24 @@ def ec2_connect(module): """ Return an ec2 connection""" ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module) + validate_certs = module.get('validate_certs', True) # If we have a region specified, connect to its endpoint. if region: try: - ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key) + if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"): + ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, validate_certs=validate_certs) + else: + ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key) except boto.exception.NoAuthHandlerFound, e: module.fail_json(msg = str(e)) # Otherwise, no region so we fallback to the old connection method elif ec2_url: try: - ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key) + if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"): + ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key, validate_certs=validate_certs) + else: + ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key) except boto.exception.NoAuthHandlerFound, e: module.fail_json(msg = str(e)) else: diff --git a/library/cloud/cloudformation b/library/cloud/cloudformation index e072f3923f..606458b3f3 100644 --- a/library/cloud/cloudformation +++ b/library/cloud/cloudformation @@ -88,6 +88,14 @@ options: required: false aliases: ['aws_region', 'ec2_region'] version_added: "1.5" + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" requirements: [ "boto" ] author: James S. Martin diff --git a/library/cloud/ec2 b/library/cloud/ec2 index 1b22496c8e..e590b40fbd 100644 --- a/library/cloud/ec2 
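Review bot: `module.get('validate_certs', True)` in `ec2_connect` looks wrong: the same object is used as an AnsibleModule elsewhere in the hunk (`module.fail_json`), and module arguments live on `module.params`, so this line would presumably raise AttributeError before any connection is attempted. It should read `validate_certs = module.params.get('validate_certs', True)`. The boto version test is also repeated in both branches, and on boto older than 2.6.0 (or without LooseVersion) the option is silently ignored, so a playbook author cannot tell whether certificate validation is in force on the connection that carries the AWS keys. Computing the keyword arguments once, as below, removes the duplication and leaves one place to report the unsupported case. The function starts before this hunk and continues after it.

```python
    validate_certs = module.params.get('validate_certs', True)
    # Decide once whether this boto accepts validate_certs; both connection paths reuse the result.
    connect_kwargs = {}
    if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
        connect_kwargs['validate_certs'] = validate_certs

    if region:
        try:
            ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, **connect_kwargs)
        # … unchanged: NoAuthHandlerFound handling …
    elif ec2_url:
        try:
            ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key, **connect_kwargs)
        # … unchanged: NoAuthHandlerFound handling and the final else branch …
```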
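Review bot: The `validate_certs` description added to cloudformation (and repeated verbatim in the ec2, ec2_ami, ec2_eip, ec2_elb, ec2_elb_lb, ec2_group, ec2_key, ec2_tag, ec2_vol and ec2_vpc hunks) does not say what turning it off costs: the endpoint is then unauthenticated, so signed API requests and their responses are exposed to whoever answers on that address. I would extend the text to something like `- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. Only use this for private endpoints with self-signed certificates; on older boto the option has no effect.` The diffstat shows only these documentation lines changing in the library/cloud files. It is therefore worth confirming that each module takes its argument spec from `ec2_argument_spec()` and connects through `ec2_connect()`, since a module that builds its own would document an option it does not accept or honour.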
+++ b/library/cloud/ec2 @@ -212,7 +212,14 @@ options: required: false default: null aliases: [] - + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" requirements: [ "boto" ] author: Seth Vidal, Tim Gerla, Lester Wade diff --git a/library/cloud/ec2_ami b/library/cloud/ec2_ami index a6e449cbce..ae2eca4fa4 100644 --- a/library/cloud/ec2_ami +++ b/library/cloud/ec2_ami @@ -101,6 +101,14 @@ options: required: false default: null aliases: [] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" requirements: [ "boto" ] author: Evan Duffield diff --git a/library/cloud/ec2_eip b/library/cloud/ec2_eip index ab6056ae4a..de041f4222 100644 --- a/library/cloud/ec2_eip +++ b/library/cloud/ec2_eip @@ -53,6 +53,15 @@ options: required: false default: false version_added: "1.4" + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" + requirements: [ "boto" ] author: Lorin Hochstein notes: diff --git a/library/cloud/ec2_elb b/library/cloud/ec2_elb index 1927d6c3a7..c6f4a72b0e 100644 --- a/library/cloud/ec2_elb +++ b/library/cloud/ec2_elb @@ -74,6 +74,14 @@ options: required: false default: yes choices: [ "yes", "no" ] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" """ diff --git a/library/cloud/ec2_elb_lb b/library/cloud/ec2_elb_lb index 5e4db144c8..f7d23631bc 100644 --- a/library/cloud/ec2_elb_lb 
+++ b/library/cloud/ec2_elb_lb @@ -73,6 +73,14 @@ options: - The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used. required: false aliases: ['aws_region', 'ec2_region'] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" """ diff --git a/library/cloud/ec2_group b/library/cloud/ec2_group index 552f6a503e..34d9b16124 100644 --- a/library/cloud/ec2_group +++ b/library/cloud/ec2_group @@ -57,6 +57,14 @@ options: required: false default: 'present' aliases: [] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" requirements: [ "boto" ] ''' diff --git a/library/cloud/ec2_key b/library/cloud/ec2_key index e3bcbec50c..5e6950d2c8 100644 --- a/library/cloud/ec2_key +++ b/library/cloud/ec2_key @@ -48,6 +48,14 @@ options: required: false default: 'present' aliases: [] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" requirements: [ "boto" ] author: Vincent Viallet diff --git a/library/cloud/ec2_tag b/library/cloud/ec2_tag index 1bdcd404f5..ca5a337646 100644 --- a/library/cloud/ec2_tag +++ b/library/cloud/ec2_tag @@ -59,6 +59,15 @@ options: required: false default: null aliases: [] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" + requirements: [ "boto" ] author: Lester Wade ''' 
diff --git a/library/cloud/ec2_vol b/library/cloud/ec2_vol index 815460f5e6..bdd2eae382 100644 --- a/library/cloud/ec2_vol +++ b/library/cloud/ec2_vol @@ -82,6 +82,15 @@ options: - snapshot ID on which to base the volume required: false default: null + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" + requirements: [ "boto" ] author: Lester Wade ''' diff --git a/library/cloud/ec2_vpc b/library/cloud/ec2_vpc index d50bed4bcb..7671e6314f 100644 --- a/library/cloud/ec2_vpc +++ b/library/cloud/ec2_vpc @@ -99,6 +99,15 @@ options: required: false default: None aliases: ['ec2_access_key', 'access_key' ] + validate_certs: + description: + - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0. + required: false + default: "yes" + choices: ["yes", "no"] + aliases: [] + version_added: "1.5" + requirements: [ "boto" ] author: Carson Gee '''