1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Expose unredirected_headers on maven_artifact (#4812)

* Expose unredirected_headers to module

In some cases, when the initial request returns a redirect and we want
to follow it to get the artifact, we might not want to include certain
headers in the redirection request. Specially headers like
Authorization and Cookies.
Or perhaps the redirect server returns a 400 because it included some
unexpected headers.
Fetch url already supports this feature, but it was being shadowed by
maven_artifact. In here we just expose it.

* Fix Linting errors

* Applied Comments

 - Specified version added
 - Changed description of unredirected_headers

* Check for ansible version

If it's 2.11 or older, we ignore unredirected_headers, otherwise we use
it, as fetch_url has them

* Applied comments

- Removed duplicated code in the call of fetch_url. Used kwargs instead
- Added check if unredirected_params is not empty and the fetch_url
  function does not support it
- Changed function that checks for ansible version
- Removed unused import

* Remove 2.11 breaking change

Made default only for ansible-core version 2.12 and above, but for keep
it empty for ansible-core version 2.11 and below.
Also include the following changes:
  - change doc to use C() on the function description
  - changed doc to use ansible-core instead of Ansible

* Changes in description for readability

* Add changelog fragment

* Change description changelog fragment
This commit is contained in:
Raul Gabriel Verdi 2022-07-24 19:09:58 +09:00 committed by GitHub
parent 31ef6c914b
commit a2677fd051
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 1 deletions

View file

@ -0,0 +1,2 @@
minor_changes:
- maven_artifact - add a new ``unredirected_headers`` option that can be used with ansible-core 2.12 and above. The default value is to not use ``Authorization`` and ``Cookie`` headers on redirects for security reasons. With ansible-core 2.11, all headers are still passed on for redirects (https://github.com/ansible-collections/community.general/pull/4812).

View file

@ -150,6 +150,15 @@ options:
default: 'md5' default: 'md5'
choices: ['md5', 'sha1'] choices: ['md5', 'sha1']
version_added: 3.2.0 version_added: 3.2.0
unredirected_headers:
type: list
elements: str
version_added: 5.2.0
description:
- A list of headers that should not be included in the redirection. This headers are sent to the fetch_url C(fetch_url) function.
- On ansible-core version 2.12 or later, the default of this option is C([Authorization, Cookie]).
- Useful if the redirection URL does not need to have sensitive headers in the request.
- Requires ansible-core version 2.12 or later.
directory_mode: directory_mode:
type: str type: str
description: description:
@ -230,6 +239,7 @@ import tempfile
import traceback import traceback
import re import re
from ansible_collections.community.general.plugins.module_utils.version import LooseVersion
from ansible.module_utils.ansible_release import __version__ as ansible_version from ansible.module_utils.ansible_release import __version__ as ansible_version
from re import match from re import match
@ -509,7 +519,18 @@ class MavenDownloader:
self.module.params['url_password'] = self.module.params.get('password', '') self.module.params['url_password'] = self.module.params.get('password', '')
self.module.params['http_agent'] = self.user_agent self.module.params['http_agent'] = self.user_agent
response, info = fetch_url(self.module, url_to_use, timeout=req_timeout, headers=self.headers) kwargs = {}
if self.module.params['unredirected_headers']:
kwargs['unredirected_headers'] = self.module.params['unredirected_headers']
response, info = fetch_url(
self.module,
url_to_use,
timeout=req_timeout,
headers=self.headers,
**kwargs
)
if info['status'] == 200: if info['status'] == 200:
return response return response
if force: if force:
@ -614,12 +635,20 @@ def main():
keep_name=dict(required=False, default=False, type='bool'), keep_name=dict(required=False, default=False, type='bool'),
verify_checksum=dict(required=False, default='download', choices=['never', 'download', 'change', 'always']), verify_checksum=dict(required=False, default='download', choices=['never', 'download', 'change', 'always']),
checksum_alg=dict(required=False, default='md5', choices=['md5', 'sha1']), checksum_alg=dict(required=False, default='md5', choices=['md5', 'sha1']),
unredirected_headers=dict(type='list', elements='str', required=False),
directory_mode=dict(type='str'), directory_mode=dict(type='str'),
), ),
add_file_common_args=True, add_file_common_args=True,
mutually_exclusive=([('version', 'version_by_spec')]) mutually_exclusive=([('version', 'version_by_spec')])
) )
if LooseVersion(ansible_version) < LooseVersion("2.12") and module.params['unredirected_headers']:
module.fail_json(msg="Unredirected Headers parameter provided, but your ansible-core version does not support it. Minimum version is 2.12")
if LooseVersion(ansible_version) >= LooseVersion("2.12") and module.params['unredirected_headers'] is None:
# if the user did not supply unredirected params, we use the default, ONLY on ansible core 2.12 and above
module.params['unredirected_headers'] = ['Authorization', 'Cookie']
if not HAS_LXML_ETREE: if not HAS_LXML_ETREE:
module.fail_json(msg=missing_required_lib('lxml'), exception=LXML_ETREE_IMP_ERR) module.fail_json(msg=missing_required_lib('lxml'), exception=LXML_ETREE_IMP_ERR)