From 30c155e25063ee36c45239ec8464da26a8ddede9 Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Wed, 20 Dec 2023 07:22:45 +0100
Subject: [PATCH] irc: deprecate default 'false' for validate_certs and use_tls (#7578)
* Deprecate default 'false' for validate_certs and use_tls.
* Fix PR number.
---
 changelogs/fragments/7578-irc-tls.yml | 4 ++++
 plugins/modules/irc.py | 31 +++++++++++++++++++++++----
 2 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 changelogs/fragments/7578-irc-tls.yml
diff --git a/changelogs/fragments/7578-irc-tls.yml b/changelogs/fragments/7578-irc-tls.yml
new file mode 100644
index 0000000000..a7fcbbca29
--- /dev/null
+++ b/changelogs/fragments/7578-irc-tls.yml
@@ -0,0 +1,4 @@
+deprecated_features:
+ - "irc - the defaults ``false`` for ``use_tls`` and ``validate_certs`` have been deprecated and will change to ``true`` in community.general 10.0.0
+ to improve security. You can already improve security now by explicitly setting them to ``true``. Specifying values now disables the deprecation
+ warning (https://github.com/ansible-collections/community.general/pull/7578)."
diff --git a/plugins/modules/irc.py b/plugins/modules/irc.py
index 00ff299ee7..e40ba2d0ba 100644
--- a/plugins/modules/irc.py
+++ b/plugins/modules/irc.py
@@ -85,8 +85,10 @@ options:
 was exlusively called O(use_ssl). The latter is now an alias of O(use_tls).
 - B(Note:) for security reasons, you should always set O(use_tls=true) and O(validate_certs=true) whenever possible.
+ - The option currently defaults to V(false). The default has been B(deprecated) and will
+ change to V(true) in community.general 10.0.0. To avoid deprecation warnings, explicitly
+ set this option to a value (preferably V(true)).
 type: bool
- default: false
 aliases:
 - use_ssl
 part:
@@ -108,7 +110,9 @@ options:
 if the network between between Ansible and the IRC server is known to be safe.
 - B(Note:) for security reasons, you should always set O(use_tls=true) and O(validate_certs=true) whenever possible.
- default: false
+ - The option currently defaults to V(false). The default has been B(deprecated) and will
+ change to V(true) in community.general 10.0.0. To avoid deprecation warnings, explicitly
+ set this option to a value (preferably V(true)).
 type: bool
 version_added: 8.1.0
@@ -309,8 +313,8 @@ def main():
 passwd=dict(no_log=True),
 timeout=dict(type='int', default=30),
 part=dict(type='bool', default=True),
- use_tls=dict(type='bool', default=False, aliases=['use_ssl']),
- validate_certs=dict(type='bool', default=False),
+ use_tls=dict(type='bool', aliases=['use_ssl']),
+ validate_certs=dict(type='bool'),
 ),
 supports_check_mode=True,
 required_one_of=[['channel', 'nick_to']]
@@ -334,6 +338,25 @@ def main():
 style = module.params["style"]
 validate_certs = module.params["validate_certs"]
+ if use_tls is None:
+ module.deprecate(
+ 'The default of use_tls will change to true in community.general 10.0.0.'
+ ' Set a value now (preferably true, if possible) to avoid the deprecation warning.',
+ version='10.0.0',
+ collection_name='community.general',
+ )
+ use_tls = False
+
+ if validate_certs is None:
+ if use_tls:
+ module.deprecate(
+ 'The default of validate_certs will change to true in community.general 10.0.0.'
+ ' Set a value now (prefarably true, if possible) to avoid the deprecation warning.',
+ version='10.0.0',
+ collection_name='community.general',
+ )
+ validate_certs = False
+
 try:
 send_msg(msg, server, port, channel, nick_to, key, topic, nick, color, passwd, timeout, use_tls, validate_certs, part, style)
 except Exception as e:
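Review bot: In the `@@ -309,8 +313,8 @@` hunk, the `use_tls` and `validate_certs` entries lose their `default=False`, so `None` now quietly means "not set by the user", and nothing at that spot says the effective default is still the insecure one. A one-line comment above the two entries would spare the next reader a search, for example `# No default on purpose: None means "unset"; main() warns and falls back to False until 10.0.0.` The enclosing option spec and the call that receives it begin outside the hunk.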
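Review bot: In the `@@ -334,6 +338,25 @@` hunk, a task that sets `use_tls: true` but omits `validate_certs` still ends up with `validate_certs = False`, and the deprecation text only announces the future default without saying that certificates are not being checked today. The message could carry that notice itself, for example by appending `' Until then the server certificate is not validated unless validate_certs=true is set.'`. The same string misspells "preferably" as `prefarably`, while the `use_tls` message just above spells it correctly. `main()` starts and ends outside the hunk and `send_msg` is not shown, so the effect of passing `validate_certs=False` is inferred from the option documentation rather than from visible code.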