diff --git a/lib/ansible/module_utils/ansible_tower.py b/lib/ansible/module_utils/ansible_tower.py index 9caf3e3e65..a0aed73a54 100644 --- a/lib/ansible/module_utils/ansible_tower.py +++ b/lib/ansible/module_utils/ansible_tower.py @@ -47,7 +47,7 @@ def tower_auth_config(module): '''tower_auth_config attempts to load the tower-cli.cfg file specified from the `tower_config_file` parameter. If found, if returns the contents of the file as a dictionary, else - it will attempt to fetch values from the module pararms and + it will attempt to fetch values from the module params and only pass those values that have been set. ''' config_file = module.params.pop('tower_config_file', None) @@ -92,7 +92,7 @@ class TowerModule(AnsibleModule): tower_host=dict(), tower_username=dict(), tower_password=dict(no_log=True), - tower_verify_ssl=dict(type='bool', default=True), + tower_verify_ssl=dict(type='bool'), tower_config_file=dict(type='path'), ) args.update(argument_spec) diff --git a/lib/ansible/plugins/doc_fragments/tower.py b/lib/ansible/plugins/doc_fragments/tower.py index 8e51af57c3..9c5b07adf1 100644 --- a/lib/ansible/plugins/doc_fragments/tower.py +++ b/lib/ansible/plugins/doc_fragments/tower.py @@ -36,7 +36,6 @@ options: - Dis/allow insecure connections to Tower. If C(no), SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. type: bool - default: 'yes' tower_config_file: description: - Path to the Tower config file. See notes. diff --git a/test/integration/targets/tower_common/aliases b/test/integration/targets/tower_common/aliases new file mode 100644 index 0000000000..229eebe6c9 --- /dev/null +++ b/test/integration/targets/tower_common/aliases @@ -0,0 +1,2 @@ +cloud/tower +shippable/tower/group1 diff --git a/test/integration/targets/tower_common/tasks/main.yml b/test/integration/targets/tower_common/tasks/main.yml new file mode 100644 index 0000000000..3618ad8595 --- /dev/null +++ b/test/integration/targets/tower_common/tasks/main.yml @@ -0,0 +1,51 @@ +# Test behaviour common to all tower modules +- name: Check that SSL is available + tower_organization: + name: Default + environment: + TOWER_HOST: "https://{{ lookup('env', 'TOWER_HOST') }}" + register: result + +- name: Check we haven't changed anything + assert: + that: result is not changed + +- name: Check that SSL is available and verify_ssl is enabled (task must fail) + tower_organization: + name: Default + environment: + TOWER_HOST: "https://{{ lookup('env', 'TOWER_HOST') }}" + TOWER_CERTIFICATE: /dev/null # force check failure + ignore_errors: true + register: check_ssl_is_used + +- name: Check that connection failed + assert: + that: + - check_ssl_is_used is failed + - > + 'Could not establish a secure connection' in check_ssl_is_used.module_stderr + or 'OpenSSL.SSL.Error' in check_ssl_is_used.module_stderr + # 'Could not establish a secure connection': when pyOpenSSL isn't available + # 'OpenSSL.SSL.Error': with pyOpenSSL, see https://github.com/urllib3/urllib3/pull/1517 + +- name: Disable verify_ssl in ~/.tower_cli.cfg + copy: + dest: ~/.tower_cli.cfg + content: | + [general] + verify_ssl = False + force: false # ensure remote file doesn't exist + +- block: + - name: Check that verify_ssl is disabled (task must not fail) + tower_organization: + name: Default + environment: + TOWER_HOST: "https://{{ lookup('env', 'TOWER_HOST') }}" + TOWER_CERTIFICATE: /dev/null # should not fail because verify_ssl is disabled + always: + - name: Delete ~/.tower_cli.cfg + file: + path: ~/.tower_cli.cfg + state: absent