1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

[splunk] Add an option to not fail when the certificate is not valid (#596)

* [splunk] Add an option to not fail when the certificate is not valid

Add an boolean option validate_certs to not validate the certificate of
the HTTP Event Collector.

* Add changelog

* Fix using tabs indentation

* Fix post-review - fix changelog and version of the parameter

Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
This commit is contained in:
Baptiste Mille-Mathias 2020-06-29 16:14:44 +02:00 committed by GitHub
parent 097aebadb0
commit a7a74a6eb7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 3 deletions

View file

@ -0,0 +1,2 @@
minor_changes:
- splunk callback - add an option to allow not to validate certificate from HEC (https://github.com/ansible-collections/community.general/pull/596).

View file

@ -45,6 +45,18 @@ DOCUMENTATION = '''
ini: ini:
- section: callback_splunk - section: callback_splunk
key: authtoken key: authtoken
validate_certs:
description: Whether to validate certificates for connections to HEC. It is not recommended to set to
C(false) except when you are sure that nobody can intercept the connection
between this plugin and HEC, as setting it to C(false) allows man-in-the-middle attacks!
env:
- name: SPLUNK_VALIDATE_CERTS
ini:
- section: callback_splunk
key: validate_certs
type: bool
default: true
version_added: '1.0.0'
''' '''
EXAMPLES = ''' EXAMPLES = '''
@ -84,7 +96,7 @@ class SplunkHTTPCollectorSource(object):
self.ip_address = socket.gethostbyname(socket.gethostname()) self.ip_address = socket.gethostbyname(socket.gethostname())
self.user = getpass.getuser() self.user = getpass.getuser()
def send_event(self, url, authtoken, state, result, runtime): def send_event(self, url, authtoken, validate_certs, state, result, runtime):
if result._task_fields['args'].get('_ansible_check_mode') is True: if result._task_fields['args'].get('_ansible_check_mode') is True:
self.ansible_check_mode = True self.ansible_check_mode = True
@ -129,7 +141,8 @@ class SplunkHTTPCollectorSource(object):
'Content-type': 'application/json', 'Content-type': 'application/json',
'Authorization': 'Splunk ' + authtoken 'Authorization': 'Splunk ' + authtoken
}, },
method='POST' method='POST',
validate_certs=validate_certs
) )
@ -144,6 +157,7 @@ class CallbackModule(CallbackBase):
self.start_datetimes = {} # Collect task start times self.start_datetimes = {} # Collect task start times
self.url = None self.url = None
self.authtoken = None self.authtoken = None
self.validate_certs = None
self.splunk = SplunkHTTPCollectorSource() self.splunk = SplunkHTTPCollectorSource()
def _runtime(self, result): def _runtime(self, result):
@ -153,7 +167,9 @@ class CallbackModule(CallbackBase):
).total_seconds() ).total_seconds()
def set_options(self, task_keys=None, var_options=None, direct=None): def set_options(self, task_keys=None, var_options=None, direct=None):
super(CallbackModule, self).set_options(task_keys=task_keys, var_options=var_options, direct=direct) super(CallbackModule, self).set_options(task_keys=task_keys,
var_options=var_options,
direct=direct)
self.url = self.get_option('url') self.url = self.get_option('url')
@ -175,6 +191,8 @@ class CallbackModule(CallbackBase):
'`SPLUNK_AUTHTOKEN` environment variable or ' '`SPLUNK_AUTHTOKEN` environment variable or '
'in the ansible.cfg file.') 'in the ansible.cfg file.')
self.validate_certs = self.get_option('validate_certs')
def v2_playbook_on_start(self, playbook): def v2_playbook_on_start(self, playbook):
self.splunk.ansible_playbook = basename(playbook._file_name) self.splunk.ansible_playbook = basename(playbook._file_name)
@ -188,6 +206,7 @@ class CallbackModule(CallbackBase):
self.splunk.send_event( self.splunk.send_event(
self.url, self.url,
self.authtoken, self.authtoken,
self.validate_certs,
'OK', 'OK',
result, result,
self._runtime(result) self._runtime(result)
@ -197,6 +216,7 @@ class CallbackModule(CallbackBase):
self.splunk.send_event( self.splunk.send_event(
self.url, self.url,
self.authtoken, self.authtoken,
self.validate_certs,
'SKIPPED', 'SKIPPED',
result, result,
self._runtime(result) self._runtime(result)
@ -206,6 +226,7 @@ class CallbackModule(CallbackBase):
self.splunk.send_event( self.splunk.send_event(
self.url, self.url,
self.authtoken, self.authtoken,
self.validate_certs,
'FAILED', 'FAILED',
result, result,
self._runtime(result) self._runtime(result)
@ -215,6 +236,7 @@ class CallbackModule(CallbackBase):
self.splunk.send_event( self.splunk.send_event(
self.url, self.url,
self.authtoken, self.authtoken,
self.validate_certs,
'FAILED', 'FAILED',
result, result,
self._runtime(result) self._runtime(result)
@ -224,6 +246,7 @@ class CallbackModule(CallbackBase):
self.splunk.send_event( self.splunk.send_event(
self.url, self.url,
self.authtoken, self.authtoken,
self.validate_certs,
'UNREACHABLE', 'UNREACHABLE',
result, result,
self._runtime(result) self._runtime(result)