1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

rhn_channel: Add validate_certs parameter (#79)

Provide parameter to override HTTPS verification.

Fixes: ansible/ansible#68374

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This commit is contained in:
Abhijeet Kasurde 2020-03-31 12:17:20 +05:30 committed by GitHub
parent 273a678771
commit 50f8477dbc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 1 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- Add validate_certs in rhn_channel module (https://github.com/ansible/ansible/issues/68374).

View file

@ -46,6 +46,14 @@ options:
description:
- RHN/Satellite password.
required: true
validate_certs:
description:
- If C(False), SSL certificates will not be validated.
- This should only set to C(False) when used on self controlled sites
using self-signed certificates, and you are absolutely sure that nobody
can modify traffic between the module and the site.
type: bool
default: true
'''
EXAMPLES = '''
@ -58,6 +66,7 @@ EXAMPLES = '''
delegate_to: localhost
'''
import ssl
from ansible.module_utils._text import to_text
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.six.moves import xmlrpc_client
@ -103,6 +112,7 @@ def main():
url=dict(type='str', required=True),
user=dict(type='str', required=True),
password=dict(type='str', required=True, aliases=['pwd'], no_log=True),
validate_certs=dict(type='bool', default=True),
)
)
@ -112,9 +122,23 @@ def main():
saturl = module.params['url']
user = module.params['user']
password = module.params['password']
validate_certs = module.params['validate_certs']
ssl_context = None
if not validate_certs:
try: # Python 2.7.9 and newer
ssl_context = ssl.create_unverified_context()
except AttributeError: # Legacy Python that doesn't verify HTTPS certificates by default
ssl._create_default_context = ssl._create_unverified_context
else: # Python 2.7.8 and older
ssl._create_default_https_context = ssl._create_unverified_https_context
# initialize connection
client = xmlrpc_client.ServerProxy(saturl)
if ssl_context:
client = xmlrpc_client.ServerProxy(saturl, context=ssl_context)
else:
client = xmlrpc_client.Server(saturl)
try:
session = client.auth.login(user, password)
except Exception as e: