1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Merge pull request #5998 from jimi-c/issue_3978_boto_ssl_cert_validation

Adding 'validate_certs' option to EC2 modules
This commit is contained in:
James Cammarata 2014-02-13 14:42:30 -06:00
commit 0d79132757
12 changed files with 101 additions and 3 deletions

View file

@ -16,6 +16,7 @@ Major features/changes:
* acl module now handles 'default' and allows for either shorthand entry or specific fields per entry section * acl module now handles 'default' and allows for either shorthand entry or specific fields per entry section
* play_hosts is a new magic variable to provide a list of hosts in scope for the current play. * play_hosts is a new magic variable to provide a list of hosts in scope for the current play.
* ec2 module now accepts 'exact_count' and 'count_tag' as a way to enforce a running number of nodes by tags. * ec2 module now accepts 'exact_count' and 'count_tag' as a way to enforce a running number of nodes by tags.
* all ec2 modules that work with Eucalyptus also now support a 'validate_certs' option, which can be set to 'off' for installations using self-signed certs.
New modules: New modules:

View file

@ -1,3 +1,9 @@
try:
from distutils.version import LooseVersion
HAS_LOOSE_VERSION = True
except:
HAS_LOOSE_VERSION = False
AWS_REGIONS = ['ap-northeast-1', AWS_REGIONS = ['ap-northeast-1',
'ap-southeast-1', 'ap-southeast-1',
'ap-southeast-2', 'ap-southeast-2',
@ -14,6 +20,7 @@ def ec2_argument_spec():
ec2_url=dict(), ec2_url=dict(),
ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True), ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True),
ec2_access_key=dict(aliases=['aws_access_key', 'access_key']), ec2_access_key=dict(aliases=['aws_access_key', 'access_key']),
validate_certs=dict(default=True, type='bool'),
) )
@ -62,16 +69,23 @@ def ec2_connect(module):
""" Return an ec2 connection""" """ Return an ec2 connection"""
ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module) ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
validate_certs = module.get('validate_certs', True)
# If we have a region specified, connect to its endpoint. # If we have a region specified, connect to its endpoint.
if region: if region:
try: try:
if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, validate_certs=validate_certs)
else:
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key) ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
except boto.exception.NoAuthHandlerFound, e: except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg = str(e)) module.fail_json(msg = str(e))
# Otherwise, no region so we fallback to the old connection method # Otherwise, no region so we fallback to the old connection method
elif ec2_url: elif ec2_url:
try: try:
if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key, validate_certs=validate_certs)
else:
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key) ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key)
except boto.exception.NoAuthHandlerFound, e: except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg = str(e)) module.fail_json(msg = str(e))

View file

@ -212,7 +212,14 @@ options:
required: false required: false
default: null default: null
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Seth Vidal, Tim Gerla, Lester Wade author: Seth Vidal, Tim Gerla, Lester Wade

View file

@ -101,6 +101,14 @@ options:
required: false required: false
default: null default: null
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Evan Duffield <eduffield@iacquire.com> author: Evan Duffield <eduffield@iacquire.com>

View file

@ -53,6 +53,15 @@ options:
required: false required: false
default: false default: false
version_added: "1.4" version_added: "1.4"
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Lorin Hochstein <lorin@nimbisservices.com> author: Lorin Hochstein <lorin@nimbisservices.com>
notes: notes:

View file

@ -74,6 +74,14 @@ options:
required: false required: false
default: yes default: yes
choices: [ "yes", "no" ] choices: [ "yes", "no" ]
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
""" """

View file

@ -73,6 +73,14 @@ options:
- The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used. - The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used.
required: false required: false
aliases: ['aws_region', 'ec2_region'] aliases: ['aws_region', 'ec2_region']
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
""" """

View file

@ -57,6 +57,14 @@ options:
required: false required: false
default: 'present' default: 'present'
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
''' '''

View file

@ -48,6 +48,14 @@ options:
required: false required: false
default: 'present' default: 'present'
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Vincent Viallet author: Vincent Viallet

View file

@ -59,6 +59,15 @@ options:
required: false required: false
default: null default: null
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Lester Wade author: Lester Wade
''' '''

View file

@ -82,6 +82,15 @@ options:
- snapshot ID on which to base the volume - snapshot ID on which to base the volume
required: false required: false
default: null default: null
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Lester Wade author: Lester Wade
''' '''

View file

@ -99,6 +99,15 @@ options:
required: false required: false
default: None default: None
aliases: ['ec2_access_key', 'access_key' ] aliases: ['ec2_access_key', 'access_key' ]
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Carson Gee author: Carson Gee
''' '''