mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Merge pull request #5998 from jimi-c/issue_3978_boto_ssl_cert_validation
Adding 'validate_certs' option to EC2 modules
This commit is contained in:
commit
0d79132757
12 changed files with 101 additions and 3 deletions
|
@ -16,6 +16,7 @@ Major features/changes:
|
||||||
* acl module now handles 'default' and allows for either shorthand entry or specific fields per entry section
|
* acl module now handles 'default' and allows for either shorthand entry or specific fields per entry section
|
||||||
* play_hosts is a new magic variable to provide a list of hosts in scope for the current play.
|
* play_hosts is a new magic variable to provide a list of hosts in scope for the current play.
|
||||||
* ec2 module now accepts 'exact_count' and 'count_tag' as a way to enforce a running number of nodes by tags.
|
* ec2 module now accepts 'exact_count' and 'count_tag' as a way to enforce a running number of nodes by tags.
|
||||||
|
* all ec2 modules that work with Eucalyptus also now support a 'validate_certs' option, which can be set to 'off' for installations using self-signed certs.
|
||||||
|
|
||||||
|
|
||||||
New modules:
|
New modules:
|
||||||
|
|
|
@ -1,3 +1,9 @@
|
||||||
|
try:
|
||||||
|
from distutils.version import LooseVersion
|
||||||
|
HAS_LOOSE_VERSION = True
|
||||||
|
except:
|
||||||
|
HAS_LOOSE_VERSION = False
|
||||||
|
|
||||||
AWS_REGIONS = ['ap-northeast-1',
|
AWS_REGIONS = ['ap-northeast-1',
|
||||||
'ap-southeast-1',
|
'ap-southeast-1',
|
||||||
'ap-southeast-2',
|
'ap-southeast-2',
|
||||||
|
@ -14,6 +20,7 @@ def ec2_argument_spec():
|
||||||
ec2_url=dict(),
|
ec2_url=dict(),
|
||||||
ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True),
|
ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True),
|
||||||
ec2_access_key=dict(aliases=['aws_access_key', 'access_key']),
|
ec2_access_key=dict(aliases=['aws_access_key', 'access_key']),
|
||||||
|
validate_certs=dict(default=True, type='bool'),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -62,16 +69,23 @@ def ec2_connect(module):
|
||||||
""" Return an ec2 connection"""
|
""" Return an ec2 connection"""
|
||||||
|
|
||||||
ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
|
ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
|
||||||
|
validate_certs = module.get('validate_certs', True)
|
||||||
|
|
||||||
# If we have a region specified, connect to its endpoint.
|
# If we have a region specified, connect to its endpoint.
|
||||||
if region:
|
if region:
|
||||||
try:
|
try:
|
||||||
|
if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
|
||||||
|
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, validate_certs=validate_certs)
|
||||||
|
else:
|
||||||
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
|
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
|
||||||
except boto.exception.NoAuthHandlerFound, e:
|
except boto.exception.NoAuthHandlerFound, e:
|
||||||
module.fail_json(msg = str(e))
|
module.fail_json(msg = str(e))
|
||||||
# Otherwise, no region so we fallback to the old connection method
|
# Otherwise, no region so we fallback to the old connection method
|
||||||
elif ec2_url:
|
elif ec2_url:
|
||||||
try:
|
try:
|
||||||
|
if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
|
||||||
|
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key, validate_certs=validate_certs)
|
||||||
|
else:
|
||||||
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key)
|
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key)
|
||||||
except boto.exception.NoAuthHandlerFound, e:
|
except boto.exception.NoAuthHandlerFound, e:
|
||||||
module.fail_json(msg = str(e))
|
module.fail_json(msg = str(e))
|
||||||
|
|
|
@ -212,7 +212,14 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: null
|
default: null
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Seth Vidal, Tim Gerla, Lester Wade
|
author: Seth Vidal, Tim Gerla, Lester Wade
|
||||||
|
|
|
@ -101,6 +101,14 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: null
|
default: null
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Evan Duffield <eduffield@iacquire.com>
|
author: Evan Duffield <eduffield@iacquire.com>
|
||||||
|
|
|
@ -53,6 +53,15 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: false
|
default: false
|
||||||
version_added: "1.4"
|
version_added: "1.4"
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Lorin Hochstein <lorin@nimbisservices.com>
|
author: Lorin Hochstein <lorin@nimbisservices.com>
|
||||||
notes:
|
notes:
|
||||||
|
|
|
@ -74,6 +74,14 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: yes
|
default: yes
|
||||||
choices: [ "yes", "no" ]
|
choices: [ "yes", "no" ]
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
|
@ -73,6 +73,14 @@ options:
|
||||||
- The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used.
|
- The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used.
|
||||||
required: false
|
required: false
|
||||||
aliases: ['aws_region', 'ec2_region']
|
aliases: ['aws_region', 'ec2_region']
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
|
@ -57,6 +57,14 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: 'present'
|
default: 'present'
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
'''
|
'''
|
||||||
|
|
|
@ -48,6 +48,14 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: 'present'
|
default: 'present'
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Vincent Viallet
|
author: Vincent Viallet
|
||||||
|
|
|
@ -59,6 +59,15 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: null
|
default: null
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Lester Wade
|
author: Lester Wade
|
||||||
'''
|
'''
|
||||||
|
|
|
@ -82,6 +82,15 @@ options:
|
||||||
- snapshot ID on which to base the volume
|
- snapshot ID on which to base the volume
|
||||||
required: false
|
required: false
|
||||||
default: null
|
default: null
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Lester Wade
|
author: Lester Wade
|
||||||
'''
|
'''
|
||||||
|
|
|
@ -99,6 +99,15 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: None
|
default: None
|
||||||
aliases: ['ec2_access_key', 'access_key' ]
|
aliases: ['ec2_access_key', 'access_key' ]
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Carson Gee
|
author: Carson Gee
|
||||||
'''
|
'''
|
||||||
|
|
Loading…
Reference in a new issue