mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
[splunk] Add an option to not fail when the certificate is not valid (#596)
* [splunk] Add an option to not fail when the certificate is not valid Add an boolean option validate_certs to not validate the certificate of the HTTP Event Collector. * Add changelog * Fix using tabs indentation * Fix post-review - fix changelog and version of the parameter Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
This commit is contained in:
parent
097aebadb0
commit
a7a74a6eb7
2 changed files with 28 additions and 3 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- splunk callback - add an option to allow not to validate certificate from HEC (https://github.com/ansible-collections/community.general/pull/596).
|
|
@ -45,6 +45,18 @@ DOCUMENTATION = '''
|
||||||
ini:
|
ini:
|
||||||
- section: callback_splunk
|
- section: callback_splunk
|
||||||
key: authtoken
|
key: authtoken
|
||||||
|
validate_certs:
|
||||||
|
description: Whether to validate certificates for connections to HEC. It is not recommended to set to
|
||||||
|
C(false) except when you are sure that nobody can intercept the connection
|
||||||
|
between this plugin and HEC, as setting it to C(false) allows man-in-the-middle attacks!
|
||||||
|
env:
|
||||||
|
- name: SPLUNK_VALIDATE_CERTS
|
||||||
|
ini:
|
||||||
|
- section: callback_splunk
|
||||||
|
key: validate_certs
|
||||||
|
type: bool
|
||||||
|
default: true
|
||||||
|
version_added: '1.0.0'
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = '''
|
||||||
|
@ -84,7 +96,7 @@ class SplunkHTTPCollectorSource(object):
|
||||||
self.ip_address = socket.gethostbyname(socket.gethostname())
|
self.ip_address = socket.gethostbyname(socket.gethostname())
|
||||||
self.user = getpass.getuser()
|
self.user = getpass.getuser()
|
||||||
|
|
||||||
def send_event(self, url, authtoken, state, result, runtime):
|
def send_event(self, url, authtoken, validate_certs, state, result, runtime):
|
||||||
if result._task_fields['args'].get('_ansible_check_mode') is True:
|
if result._task_fields['args'].get('_ansible_check_mode') is True:
|
||||||
self.ansible_check_mode = True
|
self.ansible_check_mode = True
|
||||||
|
|
||||||
|
@ -129,7 +141,8 @@ class SplunkHTTPCollectorSource(object):
|
||||||
'Content-type': 'application/json',
|
'Content-type': 'application/json',
|
||||||
'Authorization': 'Splunk ' + authtoken
|
'Authorization': 'Splunk ' + authtoken
|
||||||
},
|
},
|
||||||
method='POST'
|
method='POST',
|
||||||
|
validate_certs=validate_certs
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -144,6 +157,7 @@ class CallbackModule(CallbackBase):
|
||||||
self.start_datetimes = {} # Collect task start times
|
self.start_datetimes = {} # Collect task start times
|
||||||
self.url = None
|
self.url = None
|
||||||
self.authtoken = None
|
self.authtoken = None
|
||||||
|
self.validate_certs = None
|
||||||
self.splunk = SplunkHTTPCollectorSource()
|
self.splunk = SplunkHTTPCollectorSource()
|
||||||
|
|
||||||
def _runtime(self, result):
|
def _runtime(self, result):
|
||||||
|
@ -153,7 +167,9 @@ class CallbackModule(CallbackBase):
|
||||||
).total_seconds()
|
).total_seconds()
|
||||||
|
|
||||||
def set_options(self, task_keys=None, var_options=None, direct=None):
|
def set_options(self, task_keys=None, var_options=None, direct=None):
|
||||||
super(CallbackModule, self).set_options(task_keys=task_keys, var_options=var_options, direct=direct)
|
super(CallbackModule, self).set_options(task_keys=task_keys,
|
||||||
|
var_options=var_options,
|
||||||
|
direct=direct)
|
||||||
|
|
||||||
self.url = self.get_option('url')
|
self.url = self.get_option('url')
|
||||||
|
|
||||||
|
@ -175,6 +191,8 @@ class CallbackModule(CallbackBase):
|
||||||
'`SPLUNK_AUTHTOKEN` environment variable or '
|
'`SPLUNK_AUTHTOKEN` environment variable or '
|
||||||
'in the ansible.cfg file.')
|
'in the ansible.cfg file.')
|
||||||
|
|
||||||
|
self.validate_certs = self.get_option('validate_certs')
|
||||||
|
|
||||||
def v2_playbook_on_start(self, playbook):
|
def v2_playbook_on_start(self, playbook):
|
||||||
self.splunk.ansible_playbook = basename(playbook._file_name)
|
self.splunk.ansible_playbook = basename(playbook._file_name)
|
||||||
|
|
||||||
|
@ -188,6 +206,7 @@ class CallbackModule(CallbackBase):
|
||||||
self.splunk.send_event(
|
self.splunk.send_event(
|
||||||
self.url,
|
self.url,
|
||||||
self.authtoken,
|
self.authtoken,
|
||||||
|
self.validate_certs,
|
||||||
'OK',
|
'OK',
|
||||||
result,
|
result,
|
||||||
self._runtime(result)
|
self._runtime(result)
|
||||||
|
@ -197,6 +216,7 @@ class CallbackModule(CallbackBase):
|
||||||
self.splunk.send_event(
|
self.splunk.send_event(
|
||||||
self.url,
|
self.url,
|
||||||
self.authtoken,
|
self.authtoken,
|
||||||
|
self.validate_certs,
|
||||||
'SKIPPED',
|
'SKIPPED',
|
||||||
result,
|
result,
|
||||||
self._runtime(result)
|
self._runtime(result)
|
||||||
|
@ -206,6 +226,7 @@ class CallbackModule(CallbackBase):
|
||||||
self.splunk.send_event(
|
self.splunk.send_event(
|
||||||
self.url,
|
self.url,
|
||||||
self.authtoken,
|
self.authtoken,
|
||||||
|
self.validate_certs,
|
||||||
'FAILED',
|
'FAILED',
|
||||||
result,
|
result,
|
||||||
self._runtime(result)
|
self._runtime(result)
|
||||||
|
@ -215,6 +236,7 @@ class CallbackModule(CallbackBase):
|
||||||
self.splunk.send_event(
|
self.splunk.send_event(
|
||||||
self.url,
|
self.url,
|
||||||
self.authtoken,
|
self.authtoken,
|
||||||
|
self.validate_certs,
|
||||||
'FAILED',
|
'FAILED',
|
||||||
result,
|
result,
|
||||||
self._runtime(result)
|
self._runtime(result)
|
||||||
|
@ -224,6 +246,7 @@ class CallbackModule(CallbackBase):
|
||||||
self.splunk.send_event(
|
self.splunk.send_event(
|
||||||
self.url,
|
self.url,
|
||||||
self.authtoken,
|
self.authtoken,
|
||||||
|
self.validate_certs,
|
||||||
'UNREACHABLE',
|
'UNREACHABLE',
|
||||||
result,
|
result,
|
||||||
self._runtime(result)
|
self._runtime(result)
|
||||||
|
|
Loading…
Reference in a new issue